Better document use of ident on localhost, per Tom Lane's idea.

25 years ago · 461ea6b796
parent 357d9bdce5
commit 461ea6b796
2 changed files with 30 additions and 26 deletions
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@ -1,4 +1,4 @@
-<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.11 2001/05/12 22:51:34 petere Exp $ -->
+<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.12 2001/07/11 20:32:10 momjian Exp $ -->

 <chapter id="client-authentication">
 <title>Client Authentication</title>
@ -242,7 +242,10 @@ hostssl <replaceable>database</replaceable> <replaceable>IP-address</replaceable
          of the connecting user. <productname>Postgres</productname>
          then verifies whether the so identified operating system user
          is allowed to connect as the database user that is requested.
-	  This is only available for TCP/IP connections.
+	  This is only available for TCP/IP connections.  It can be used
+	  on the local machine by specifying the localhost address 127.0.0.1.
+         </para>
+         <para>
          The <replaceable>authentication option</replaceable> following
          the <literal>ident</> keyword specifies the name of an
          <firstterm>ident map</firstterm> that specifies which operating
@ -553,7 +556,8 @@ host         all        192.168.0.0    255.255.0.0        ident     omicron
     <attribution>RFC 1413</attribution>
     <para>
      The Identification Protocol is not intended as an authorization
-      or access control protocol.
+      or access control protocol.  You must trust the machine running the
+      ident server.
     </para>
    </blockquote>
   </para>
--- a/src/backend/libpq/pg_hba.conf.sample
+++ b/src/backend/libpq/pg_hba.conf.sample
@ -125,13 +125,13 @@
 #		secondary passwords.
 # 
 #   ident:	Authentication is done by the ident server on the local
-#   		or remote host. AUTH_ARGUMENT is required and maps names 
-#		found in the $PGDATA/pg_ident.conf file. The connection
-#   		is accepted if the file contains an entry for this map
-#   		name with the ident-supplied username and the requested
-#   		PostgreSQL username. The special map name "sameuser"
-#   		indicates an implied map (not in pg_ident.conf) that
-#   		maps each ident username to the identical PostgreSQL 
+#		(127.0.0.1) or remote host. AUTH_ARGUMENT is required and
+#		maps names found in the $PGDATA/pg_ident.conf file. The 
+#		connection is accepted if the file contains an entry for
+#		this map name with the ident-supplied username and the 
+#		requested PostgreSQL username. The special map name 
+#		"sameuser" indicates an implied map (not in pg_ident.conf)
+#		that maps each ident username to the identical PostgreSQL 
 #		username.
 # 
 #   krb4:	Kerberos V4 authentication is used.