authorBruce Momjian <bruce@momjian.us>2001-08-15 18:42:16 +0000
committerBruce Momjian <bruce@momjian.us>2001-08-15 18:42:16 +0000
commit38bb1abcda9119957e836f731a1cfea6d2079499 (patch)
tree8f61d7b57cc171d8307a81dc7c4b7a382be58f43 /doc/src
parent397f65d102b7f9998411f2a8c2d1c66dfe712320 (diff)
Use MD5 for wire protocol encryption for >= 7.2 client/server.
Allow passwords in pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER USER. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1.
Diffstat (limited to 'doc/src')
-rw-r--r--doc/src/sgml/client-auth.sgml9
-rw-r--r--doc/src/sgml/protocol.sgml4
-rw-r--r--doc/src/sgml/ref/alter_user.sgml9
-rw-r--r--doc/src/sgml/ref/create_user.sgml13
-rw-r--r--doc/src/sgml/runtime.sgml26
5 files changed, 35 insertions, 26 deletions
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 6e7a1d834de..a7c9c8616b3 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1,4 +1,4 @@
-<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.15 2001/08/01 23:25:39 tgl Exp $ -->
+<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.16 2001/08/15 18:42:14 momjian Exp $ -->
<chapter id="client-authentication">
<title>Client Authentication</title>
@@ -205,11 +205,10 @@ hostssl <replaceable>database</replaceable> <replaceable>IP-address</replaceable
<para>
Like the <literal>password</literal> method, but the password
is sent over the wire encrypted using a simple
- challenge-response protocol. This is still not
- cryptographically secure but it protects against incidental
+ challenge-response protocol. This protects against incidental
wire-sniffing. The name of a file may follow the
- <literal>crypt</literal> keyword that contains a list of users
- that this record pertains to.
+ <literal>crypt</literal> keyword. It contains a list of users
+ for this record.
</para>
</listitem>
</varlistentry>
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
index ec35b9c96df..a6351dd8bd2 100644
--- a/doc/src/sgml/protocol.sgml
+++ b/doc/src/sgml/protocol.sgml
@@ -1,4 +1,4 @@
-<!-- $Header: /cvsroot/pgsql/doc/src/sgml/protocol.sgml,v 1.18 2001/06/22 23:27:48 petere Exp $ -->
+<!-- $Header: /cvsroot/pgsql/doc/src/sgml/protocol.sgml,v 1.19 2001/08/15 18:42:14 momjian Exp $ -->
<chapter id="protocol">
<title>Frontend/Backend Protocol</title>
@@ -1295,7 +1295,7 @@ EncryptedPasswordPacket (F)
</Term>
<ListItem>
<Para>
- The encrypted (using crypt()) password.
+ The encrypted (using MD5 or crypt()) password.
</Para>
</ListItem>
</VarListEntry>
diff --git a/doc/src/sgml/ref/alter_user.sgml b/doc/src/sgml/ref/alter_user.sgml
index 534d2a7eb2d..3a502197ab2 100644
--- a/doc/src/sgml/ref/alter_user.sgml
+++ b/doc/src/sgml/ref/alter_user.sgml
@@ -1,5 +1,5 @@
<!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/alter_user.sgml,v 1.14 2001/07/10 22:09:27 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/alter_user.sgml,v 1.15 2001/08/15 18:42:14 momjian Exp $
Postgres documentation
-->
@@ -27,7 +27,7 @@ ALTER USER <replaceable class="PARAMETER">username</replaceable> [ [ WITH ] <rep
where <replaceable class="PARAMETER">option</replaceable> can be:
- PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
+ [ ENCRYPTED | UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
| CREATEDB | NOCREATEDB
| CREATEUSER | NOCREATEUSER
| VALID UNTIL '<replaceable class="PARAMETER">abstime</replaceable>'
@@ -53,10 +53,13 @@ where <replaceable class="PARAMETER">option</replaceable> can be:
</varlistentry>
<varlistentry>
- <term><replaceable class="PARAMETER">password</replaceable></term>
+ <term><replaceable class="PARAMETER">[ encrypted | unencrypted ] password</replaceable></term>
<listitem>
<para>
The new password to be used for this account.
+ <literal>Encrypted</literal>/ <literal>unencrypted</literal>
+ controls whether the password is stored encrypted in the
+ database.
</para>
</listitem>
</varlistentry>
diff --git a/doc/src/sgml/ref/create_user.sgml b/doc/src/sgml/ref/create_user.sgml
index 8c97dbcf867..f72b20f59d7 100644
--- a/doc/src/sgml/ref/create_user.sgml
+++ b/doc/src/sgml/ref/create_user.sgml
@@ -1,5 +1,5 @@
<!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_user.sgml,v 1.17 2001/07/10 22:09:27 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_user.sgml,v 1.18 2001/08/15 18:42:14 momjian Exp $
Postgres documentation
-->
@@ -28,7 +28,7 @@ CREATE USER <replaceable class="PARAMETER">username</replaceable> [ [ WITH ] <re
where <replaceable class="PARAMETER">option</replaceable> can be:
SYSID <replaceable class="PARAMETER">uid</replaceable>
- | PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
+ | [ ENCRYPTED | UNENCRYPTED ] PASSWORD '<replaceable class="PARAMETER">password</replaceable>'
| CREATEDB | NOCREATEDB
| CREATEUSER | NOCREATEUSER
| IN GROUP <replaceable class="PARAMETER">groupname</replaceable> [, ...]
@@ -72,12 +72,19 @@ where <replaceable class="PARAMETER">option</replaceable> can be:
</varlistentry>
<varlistentry>
- <term><replaceable class="parameter">password</replaceable></term>
+ <term><replaceable class="parameter">[ encrypted | unencrypted ] password</replaceable></term>
<listitem>
<para>
Sets the user's password. If you do not plan to use password
authentication you can omit this option, otherwise the user
won't be able to connect to a password-authenticated server.
+ </para>
+ <para>
+ <literal>ENCRYPTED/UNENCRYPTED</literal> controls whether the
+ password is stored encrypted in the database. Older clients may
+ have trouble communicating using encrypted password storage.
+ </para>
+ <para>
See the chapter on client authentication in the
<citetitle>Administrator's Guide</citetitle> for details on
how to set up authentication mechanisms.
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index d4d4dd8d538..6e80adf00eb 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -1,5 +1,5 @@
<!--
-$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.74 2001/08/09 16:20:43 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.75 2001/08/15 18:42:14 momjian Exp $
-->
<Chapter Id="runtime">
@@ -968,6 +968,18 @@ env PGOPTIONS='-c geqo=off' psql
<para>
<variablelist>
<varlistentry>
+ <term>AUSTRALIAN_TIMEZONES (<type>bool</type>)</term>
+ <listitem>
+ <para>
+ If set to true, <literal>CST</literal>, <literal>EST</literal>,
+ and <literal>SAT</literal> are interpreted as Australian
+ timezones rather than as North American Central/Eastern
+ Timezones and Saturday. The default is false.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<indexterm>
<primary>deadlock</primary>
<secondary>timeout</secondary>
@@ -1261,18 +1273,6 @@ dynamic_library_path = '/usr/local/lib:/home/my_project/lib:$libdir:$libdir/cont
</varlistentry>
<varlistentry>
- <term>AUSTRALIAN_TIMEZONES (<type>bool</type>)</term>
- <listitem>
- <para>
- If set to true, <literal>CST</literal>, <literal>EST</literal>,
- and <literal>SAT</literal> are interpreted as Australian
- timezones rather than as North American Central/Eastern
- Timezones and Saturday. The default is false.
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
<indexterm>
<primary>SSL</primary>
</indexterm>