Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
Greenplum
Gpdb
提交
83521131
G
Gpdb
项目概览
Greenplum
/
Gpdb
通知
7
Star
1
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
G
Gpdb
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
83521131
编写于
8月 16, 2002
作者:
B
Bruce Momjian
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
This patch improves the "Client Authentication" section of the user's
guide in a few minor ways. Neil Conway
上级
b4794bfb
变更
1
显示空白变更内容
内联
并排
Showing
1 changed file
with
23 addition
and
18 deletion
+23
-18
doc/src/sgml/client-auth.sgml
doc/src/sgml/client-auth.sgml
+23
-18
未找到文件。
doc/src/sgml/client-auth.sgml
浏览文件 @
83521131
<!--
$Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.3
5 2002/04/09 00:38:24
momjian Exp $
$Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.3
6 2002/08/16 04:48:16
momjian Exp $
-->
<chapter id="client-authentication">
...
...
@@ -29,8 +29,9 @@ $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.35 2002/04/09 00:38:24
<para>
<productname>PostgreSQL</productname> offers a number of different
client authentication methods. The method to be used can be selected
on the basis of (client) host, database, and user.
client authentication methods. The method used to authenticate a
particular client connection can be selected on the basis of
(client) host address, database, and user.
</para>
<para>
...
...
@@ -56,8 +57,8 @@ $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.35 2002/04/09 00:38:24
<filename>pg_hba.conf</filename> in the data directory, e.g.,
<filename>/usr/local/pgsql/data/pg_hba.conf</filename>.
(<acronym>HBA</> stands for host-based authentication.) A default
<filename>pg_hba.conf</filename> file is installed when the data
area
is initialized by <command>initdb</command>.
<filename>pg_hba.conf</filename> file is installed when the data
directory
is initialized by <command>initdb</command>.
</para>
<para>
...
...
@@ -124,7 +125,7 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <rep
enabled with the <option>-l</> option or equivalent configuration
setting when the server is started. (Note: <literal>host</literal>
records will match either SSL or non-SSL connection attempts, but
<literal>hostssl</literal> records require
s
SSL connections.)
<literal>hostssl</literal> records require SSL connections.)
</para>
</listitem>
</varlistentry>
...
...
@@ -199,9 +200,11 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <rep
<term><literal>trust</></term>
<listitem>
<para>
The connection is allowed unconditionally. This method allows
any user that has login access to the client host to connect as
any <productname>PostgreSQL</productname> user whatsoever.
The connection is allowed unconditionally. This method
allows anyone that can connect to the
<productname>PostgreSQL</productname> database to login as
any <productname>PostgreSQL</productname> user they like,
without the need for a password.
</para>
</listitem>
</varlistentry>
...
...
@@ -222,7 +225,7 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <rep
<para>
Requires the client to supply an MD5 encrypted password for
authentication. This is the only method that allows encrypted
passwords to be stored in
pg_shadow
.
passwords to be stored in
<structname>pg_shadow</structname>
.
</para>
</listitem>
</varlistentry>
...
...
@@ -273,15 +276,17 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <rep
<listitem>
<para>
For TCP/IP connections, authentication is done by contacting
the <firstterm>ident</firstterm> server on the client host.
This is only as secure as the client machine. You must specify
the map name after the 'ident' keyword. It determines how to
map remote user names to PostgreSQL user names. If you use
the <firstterm>ident</firstterm> server on the client
host. This is only as secure as the client machine. You must
specify the map name after the 'ident' keyword. It
determines how to map remote user names to
<productname>PostgreSQL</productname> user names. If you use
"sameuser", the user names are assumed to be identical. If
not, the map name is looked up in the $PGDATA/pg_ident.conf
file. The connection is accepted if that file contains an
entry for this map name with the ident-supplied user name and
the requested PostgreSQL user name.
entry for this map name with the ident-supplied user name
and the requested <productname>PostgreSQL</productname> user
name.
</para>
<para>
On machines that support unix-domain socket credentials
...
...
@@ -317,8 +322,8 @@ hostssl <replaceable>database</replaceable> <replaceable>user</replaceable> <rep
<literal>postgresql</literal>. You can optionally supply you
own service name after the <literal>pam</> keyword in the
file. For more information about PAM, please read the <ulink
url="http://www.kernel.org/pub/linux/libs/pam/"><productname>L
inux-PAM</productname>
Page</ulink> and the <ulink
url="http://www.kernel.org/pub/linux/libs/pam/"><productname>L
inux-PAM</>
Page</ulink> and the <ulink
url="http://www.sun.com/software/solaris/pam/"><systemitem
class="osname">Solaris</> PAM Page</ulink>.
</para>
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录