diff options
| author | Magnus Hagander <magnus@hagander.net> | 2007-12-03 13:40:11 +0000 |
|---|---|---|
| committer | Magnus Hagander <magnus@hagander.net> | 2007-12-03 13:40:11 +0000 |
| commit | 6ca2f8483f5cd6c22362dbbe9353524162ed8d54 (patch) | |
| tree | 1082a10616b7eee040979b5580fa4c8a5473e070 | |
| parent | 57da4cca27ab8d693f1fd7ac5d0c95df2fb68cc7 (diff) | |
| download | postgresql-6ca2f8483f5cd6c22362dbbe9353524162ed8d54.tar.gz postgresql-6ca2f8483f5cd6c22362dbbe9353524162ed8d54.zip | |
Add missing documentation for SSPI packets.
| -rw-r--r-- | doc/src/sgml/protocol.sgml | 68 |
1 files changed, 62 insertions, 6 deletions
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml index 5ae7a7293ff..b4831275192 100644 --- a/doc/src/sgml/protocol.sgml +++ b/doc/src/sgml/protocol.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.68 2007/07/18 12:00:47 mha Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.69 2007/12/03 13:40:11 mha Exp $ --> <chapter id="protocol"> <title>Frontend/Backend Protocol</title> @@ -230,10 +230,10 @@ The server then sends an appropriate authentication request message, to which the frontend must reply with an appropriate authentication response message (such as a password). - For all authentication methods except GSSAPI, there is at most + For all authentication methods except GSSAPI and SSPI, there is at most one request and one response. In some methods, no response at all is needed from the frontend, and so no authentication request - occurs. For GSSAPI, multiple iterations of packets may be needed to + occurs. For GSSAPI and SSPI, multiple iterations of packets may be needed to complete the authentication. </para> @@ -345,12 +345,25 @@ </varlistentry> <varlistentry> + <term>AuthenticationSSPI</term> + <listitem> + <para> + The frontend must now initiate a SSPI negotiation. The frontend + will send a PasswordMessage with the first part of the SSPI + data stream in response to this. If further messages are needed, + the server will respond with AuthenticationGSSContinue. + </para> + </listitem> + + </varlistentry> + <varlistentry> <term>AuthenticationGSSContinue</term> <listitem> <para> This message contains the response data from the previous step - of GSSAPI negotiation (AuthenticationGSS or a previous - AuthenticationGSSContinue). If the GSSAPI data in this message + of GSSAPI or SSPI negotiation (AuthenticationGSS, AuthenticationSSPI + or a previous AuthenticationGSSContinue). If the GSSAPI + or SSPI data in this message indicates more data is needed to complete the authentication, the frontend must send this data as another PasswordMessage. If GSSAPI authentication is completed by this message, the server @@ -1708,6 +1721,49 @@ AuthenticationGSS (B) <varlistentry> <term> +AuthenticationSSPI (B) +</term> +<listitem> +<para> + +<variablelist> +<varlistentry> +<term> + Byte1('R') +</term> +<listitem> +<para> + Identifies the message as an authentication request. +</para> +</listitem> +</varlistentry> +<varlistentry> +<term> + Int32(8) +</term> +<listitem> +<para> + Length of message contents in bytes, including self. +</para> +</listitem> +</varlistentry> +<varlistentry> +<term> + Int32(9) +</term> +<listitem> +<para> + Specifies that SSPI authentication is required. +</para> +</listitem> +</varlistentry> +</variablelist> + +</para> +</listitem> +</varlistentry> +<varlistentry> +<term> AuthenticationGSSContinue (B) </term> <listitem> @@ -1750,7 +1806,7 @@ AuthenticationGSSContinue (B) </term> <listitem> <para> - GSSAPI authentication data. + GSSAPI or SSPI authentication data. </para> </listitem> </varlistentry> |