|
|
@ -1,4 +1,4 @@ |
|
|
|
<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.131 2010/02/03 17:25:05 momjian Exp $ --> |
|
|
|
<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.132 2010/02/20 19:21:14 momjian Exp $ --> |
|
|
|
|
|
|
|
|
|
|
|
<chapter id="client-authentication"> |
|
|
|
<chapter id="client-authentication"> |
|
|
|
<title>Client Authentication</title> |
|
|
|
<title>Client Authentication</title> |
|
|
@ -824,23 +824,28 @@ omicron bryanh guest1 |
|
|
|
The following configuration options are supported for <productname>GSSAPI</productname>: |
|
|
|
The following configuration options are supported for <productname>GSSAPI</productname>: |
|
|
|
<variablelist> |
|
|
|
<variablelist> |
|
|
|
<varlistentry> |
|
|
|
<varlistentry> |
|
|
|
<term><literal>map</literal></term> |
|
|
|
<term><literal>include_realm</literal></term> |
|
|
|
<listitem> |
|
|
|
<listitem> |
|
|
|
<para> |
|
|
|
<para> |
|
|
|
Allows for mapping between system and database usernames. See |
|
|
|
If set to <literal>1</>, the realm name from the authenticated user |
|
|
|
<xref linkend="auth-username-maps"> for details. |
|
|
|
principal is included in the system user name that's passed through |
|
|
|
|
|
|
|
username mapping (<xref linkend="auth-username-maps">). This is |
|
|
|
|
|
|
|
useful for handling users from multiple realms. |
|
|
|
</para> |
|
|
|
</para> |
|
|
|
</listitem> |
|
|
|
</listitem> |
|
|
|
</varlistentry> |
|
|
|
</varlistentry> |
|
|
|
|
|
|
|
|
|
|
|
<varlistentry> |
|
|
|
<varlistentry> |
|
|
|
<term><literal>include_realm</literal></term> |
|
|
|
<term><literal>map</literal></term> |
|
|
|
<listitem> |
|
|
|
<listitem> |
|
|
|
<para> |
|
|
|
<para> |
|
|
|
If set to <literal>1</>, the realm name from the authenticated user |
|
|
|
Allows for mapping between system and database usernames. See |
|
|
|
principal is included in the system user name that's passed through |
|
|
|
<xref linkend="auth-username-maps"> for details. For a Kerboros |
|
|
|
username mapping (<xref linkend="auth-username-maps">). This is |
|
|
|
principal <literal>username/hostbased@EXAMPLE.COM</literal>, the |
|
|
|
useful for handling users from multiple realms. |
|
|
|
username used for mapping is <literal>username/hostbased</literal> |
|
|
|
|
|
|
|
if <literal>include_realm</literal> is disabled, and |
|
|
|
|
|
|
|
<literal>username/hostbased@EXAMPLE.COM</literal> if |
|
|
|
|
|
|
|
<literal>include_realm</literal> is enabled. |
|
|
|
</para> |
|
|
|
</para> |
|
|
|
</listitem> |
|
|
|
</listitem> |
|
|
|
</varlistentry> |
|
|
|
</varlistentry> |
|
|
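Review bot: "Kerboros" in the new sentence added to the <literal>map</literal> entry ("For a Kerboros principal ...") is a misspelling of "Kerberos" and should be corrected before this goes into the docs. The example that follows describes what <literal>include_realm</literal> does to the name handed to the map, so consider placing it in (or cross-referencing it from) the <literal>include_realm</literal> entry that now sits directly above, so a reader looking up that option finds the <literal>username/hostbased</literal> versus <literal>username/hostbased@EXAMPLE.COM</literal> distinction there.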
@ -1027,10 +1032,10 @@ omicron bryanh guest1 |
|
|
|
<para> |
|
|
|
<para> |
|
|
|
When connecting to the database make sure you have a ticket for a |
|
|
|
When connecting to the database make sure you have a ticket for a |
|
|
|
principal matching the requested database user name. For example, for |
|
|
|
principal matching the requested database user name. For example, for |
|
|
|
database user name <literal>fred</>, both principal |
|
|
|
database user name <literal>fred</>, principal |
|
|
|
<literal>fred@EXAMPLE.COM</> and |
|
|
|
<literal>fred@EXAMPLE.COM</> would be able to connect. To also allow |
|
|
|
<literal>fred/users.example.com@EXAMPLE.COM</> could be used to |
|
|
|
principle <literal>fred/users.example.com@EXAMPLE.COM</>, use a username |
|
|
|
authenticate to the database server. |
|
|
|
map, as described in <xref linkend="auth-username-maps">. |
|
|
|
</para> |
|
|
|
</para> |
|
|
|
|
|
|
|
|
|
|
|
<para> |
|
|
|
<para> |
|
|
|
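Review bot: "principle" in the rewritten sentence ("To also allow principle <literal>fred/users.example.com@EXAMPLE.COM</>") should be "principal", matching the spelling used two lines earlier in the same paragraph. The new wording also says <literal>fred@EXAMPLE.COM</> can connect as <literal>fred</> without mentioning that this depends on <literal>include_realm</literal> being disabled, as the example added to the <literal>map</literal> entry explains; a short pointer to that option here would keep the two passages consistent.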