open-dsi
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

A bit of cleanup after SSL patch. Add it to config file, improve

Browse Source 
documentation.
REL7_1_STABLE
Peter Eisentraut 26 years ago
parent 6dc249610a
commit ffd9aaa0a9
7 changed files with 260 additions and 211 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 314
      doc/src/sgml/client-auth.sgml
  2. 15
      doc/src/sgml/installation.sgml
  3. 107
      doc/src/sgml/runtime.sgml
  4. 20
      src/backend/postmaster/postmaster.c
  5. 3
      src/backend/utils/misc/guc.c
  6. 9
      src/bin/psql/startup.c
  7. 3
      src/include/miscadmin.h

314
doc/src/sgml/client-auth.sgml
Unescape View File

@ -1,4 +1,4 @@
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.5 2000/08/29 04:15:43 momjian Exp $ -->
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.6 2000/09/06 19:54:45 petere Exp $ -->
<chapter id="client-authentication">
<title>Client Authentication</title>
@ -45,14 +45,14 @@
of a set of records, one per line. Blank lines and lines beginning
with a hash character (<quote>#</quote>) are ignored. A record is
made up of a number of fields which are separated by spaces and/or
tabs.
tabs and cannot be continued across several lines.
</para>
<para>
A record may have one of the two formats
A record may have one of the three formats
<synopsis>
local <replaceable>database</replaceable> <replaceable>authentication-method</replaceable> [ <replaceable>authentication-option</replaceable> ]
host <replaceable>database</replaceable> <replaceable>IP-address</replaceable> <replaceable>IP-mask</replaceable> <replaceable>authentication-method</replaceable> [ <replaceable>authentication-option</replaceable> ]
local <replaceable>database</replaceable> <replaceable>authentication-method</replaceable> [ <replaceable>authentication-option</replaceable> ]
host <replaceable>database</replaceable> <replaceable>IP-address</replaceable> <replaceable>IP-mask</replaceable> <replaceable>authentication-method</replaceable> [ <replaceable>authentication-option</replaceable> ]
hostssl <replaceable>database</replaceable> <replaceable>IP-address</replaceable> <replaceable>IP-mask</replaceable> <replaceable>authentication-method</replaceable> [ <replaceable>authentication-option</replaceable> ]
</synopsis>
The meaning of the fields is as follows:
@ -85,11 +85,10 @@ hostssl <replaceable>database</replaceable> <replaceable>IP-address</replaceable
<listitem>
<para>
This record pertains to connection attemps with SSL over
TCP/IP. Note that SSL connections are completely disabled
unless the server is started with the <option>-i</option>,
and also require ordinary TCP/IP connections to be enabled.
SSL connections also require SSL support to be enabled in
the backend at compile time.
TCP/IP. To make use of this option the server must be
built with SSL support enabled. Furthermore, SSL must be
enabled with the <option>-l</> option or equivalent configuration
setting when the server is started.
</para>
</listitem>
</varlistentry>
@ -100,7 +99,8 @@ hostssl <replaceable>database</replaceable> <replaceable>IP-address</replaceable
<para>
Specifies the database that this record applies to. The value
<literal>all</literal> specifies that it applies to all
databases.
databases, the value <literal>sameuser</> identifies the
database with the same name as the connecting user.
</para>
</listitem>
</varlistentry>
@ -129,8 +129,108 @@ hostssl <replaceable>database</replaceable> <replaceable>IP-address</replaceable
<term><replaceable>authentication method</replaceable></term>
<listitem>
<para>
Specifies the method a user must use to authenticate themselves
when connecting to that database.
Specifies the method that users must use to authenticate themselves
when connecting to that database. The possible choices follow,
details are in <xref linkend="auth-methods">.
<variablelist>
<varlistentry>
<term>trust</>
<listitem>
<para>
The connection is allowed unconditionally. This method allows
any user that has login access to the client host to connect as
any user whatsoever.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>reject</>
<listitem>
<para>
The connection is rejected unconditionally. This is mostly
useful to <quote>filter out</> certain hosts from a group.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>password</>
<listitem>
<para>
The client is required to supply a password with the connection
attempt which is required to match the password that was set up
for the user.
</para>
<para>
An optional file name may be specified after the
<literal>password</literal> keyword. This file is expected to
contain a list of users that this record pertains to, and
optionally alternative passwords.
</para>
<para>
The password is sent over the wire in clear text. For better
protection, use the <literal>crypt</literal> method.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>crypt</>
<listitem>
<para>
Like the <literal>password</literal> method, but the password
is sent over the wire encrypted using a simple
challenge-response protocol. This is still not
cryptographically secure but it protects against incidental
wire-sniffing. The name of a file may follow the
<literal>crypt</literal> keyword that contains a list of users
that this record pertains to.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>krb4</>
<listitem>
<para>
Kerberos V4 is used to authenticate the user. This is only
available for TCP/IP connections.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>krb5</term>
<listitem>
<para>
Kerberos V5 is used to authenticate the user. This is only
available for TCP/IP connections.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>ident</term>
<listitem>
<para>
The ident server on the client host is asked for the identity
of the connecting user. <productname>Postgres</productname>
then verifies whether the so identified operating system user
is allowed to connect as the database user that is requested.
The <replaceable>authentication option</replaceable> following
the <literal>ident</> keyword specifies the name of an
<firstterm>ident map</firstterm> that specifies which operating
system users equate with which database users. See below for
details.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</listitem>
</varlistentry>
@ -140,15 +240,15 @@ hostssl <replaceable>database</replaceable> <replaceable>IP-address</replaceable
<listitem>
<para>
This field is interpreted differently depending on the
authentication method.
authentication method, as described there.
</para>
</listitem>
</varlistentry>
</variablelist>
The first record that matches a connection attempt is used. Note
that there is no <quote>fall-through</quote> or
<quote>backup</quote>, that is, if one record is chosen and the
The first record that matches a connection attempt is used. There
is no <quote>fall-through</> or <quote>backup</>, that means, if
one record is chosen and the
authentication fails, the following records are not considered. If
no record matches, the access will be denied.
</para>
@ -167,19 +267,42 @@ hostssl <replaceable>database</replaceable> <replaceable>IP-address</replaceable
<example id="example-pg-hba.conf">
<title>An example <filename>pg_hba.conf</filename> file</title>
<programlisting>
# Trust any connection via Unix domain sockets.
local trust
# Trust any connection via TCP/IP from this machine.
host all 127.0.0.1 255.255.255.255 trust
# We don't like this machine.
host all 192.168.0.10 255.255.255.0 reject
# This machine can't encrypt so we ask for passwords in clear.
host all 192.168.0.3 255.255.255.0 password
# The rest of this group of machines should provide encrypted passwords.
host all 192.168.0.0 255.255.255.0 crypt
# Authenticate these networks using ident
host all 192.168.1.0 255.255.255.0 ident usermap
host all 192.168.2.0 255.255.255.0 ident othermap
#TYPE DATABASE IP-ADDRESS MASK AUTHTYPE ARG
# Allow any user on the local system to connect to any database under
# any user name.
#
host all 127.0.0.1 255.255.255.255 trust
# Allow any user from any host with IP address 192.168.93.x to connect
# to database "template1" as the same user name that ident on that
# host identifies him as (typically his Unix user name).
#
host template1 192.168.93.0 255.255.255.0 ident sameuser
# Allow a user from host 192.168.12.10 to connect to database
# "template1" if the user's password in pg_shadow is supplied.
#
host template1 192.168.12.10 255.255.255.255 crypt
# In absence of the other records, this would allow anyone anywhere
# except from 192.168.54.1 to connect to any database under any user
# name.
#
host all 192.168.54.1 255.255.255.255 reject
host all 0.0.0.0 0.0.0.0 trust
# Allow users from 192.168.77.x hosts to connect to any database, but if,
# for example, ident says the user is "bryanh" and he requests to
# connect as PostgreSQL user "guest1", the connection is only allowed if
# there is an entry for map "omicron" in `pg_ident.conf' that says
# "bryanh" is allowed to connect as "guest1".
#
host all 192.168.77.0 255.255.255.0 ident omicron
# Allow all users to connect to all databases via Unix sockets.
#
local all trust
</programlisting>
</example>
</para>
@ -188,104 +311,7 @@ host all 192.168.2.0 255.255.255.0 ident othermap
<sect1 id="auth-methods">
<title>Authentication methods</title>
<para>
The following authentication methods are supported. They are
descibed in detail below.
<variablelist>
<varlistentry>
<term>trust</term>
<listitem>
<para>
The connection is allowed unconditionally. This method allows
any user that has login access to the client host to connect as
any user whatsoever. Use with care.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>reject</term>
<listitem>
<para>
The connection is rejected unconditionally. This is mostly
useful to <quote>filter out</quote> certain hosts from a group.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>password</term>
<listitem>
<para>
The client is required to supply a password with the connection
attempt which is required to match the password that was set up
for the user.
</para>
<para>
An optional file name may be specified after the
<literal>password</literal> keyword. This file is expected to
contain a list of users that this record pertains to, and
optionally alternative passwords.
</para>
<para>
The password is sent over the wire in clear text. For better
protection, use the <literal>crypt</literal> method.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>crypt</term>
<listitem>
<para>
Like the <literal>password</literal> method, but the password
is sent over the wire encrypted using a simple
challenge-response protocol. This is still not
cryptographically secure but it protects against incidental
wire-sniffing. The name of a file may follow the
<literal>crypt</literal> keyword that contains a list of users
that this record pertains to.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>krb4</term>
<listitem>
<para>
Kerberos V4 is used to authenticate the user. This is only
available for TCP/IP connections.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>krb5</term>
<listitem>
<para>
Kerberos V5 is used to authenticate the user. This is only
available for TCP/IP connections.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>ident</term>
<listitem>
<para>
The ident server on the client host is asked for the identity
of the connecting user. <productname>Postgres</productname>
then verifies whether the so identified operating system user
is allowed to connect as the database user that is requested.
The <replaceable>authentication option</replaceable> following
the <literal>ident</> keyword specifies the name of an
<firstterm>ident map</firstterm> that specifies which operating
system users equate with which database users. See below for
details.
</para>
</listitem>
</varlistentry>
</variablelist>
The following describes the authentication methods in detail.
</para>
<sect2>
@ -398,8 +424,8 @@ host all 192.168.2.0 255.255.255.0 ident othermap
<para>
To generate the keytab file, use for example (with version 5)
<screen>
kadmin% <userinput>ank -randkey postgres/server.my.domain.org</>
kadmin% <userinput>ktadd -k krb5.keytab postgres/server.my.domain.org</>
<prompt>kadmin% </><userinput>ank -randkey postgres/server.my.domain.org</>
<prompt>kadmin% </><userinput>ktadd -k krb5.keytab postgres/server.my.domain.org</>
</screen>
Read the <productname>Kerberos</> documentation for defails.
</para>
@ -528,29 +554,26 @@ kadmin% <userinput>ktadd -k krb5.keytab postgres/server.my.domain.org</>
conjunction with the <filename>pg_hba.conf</> file in <xref
linkend="example-pg-hba.conf"> is shown in <xref
linkend="example-pg-ident.conf">. In that example setup, anyone
logged in to a machine on the 192.168.1 network that does not have
the a user name joe, robert, or ann would not be granted access.
logged in to a machine on the 192.168.77 network that does not have
the a user name bryanh, ann, or robert would not be granted access.
Unix user robert would only be allowed access when he tries to
connect as <quote>bob</quote>, not as <quote>robert</quote> or
anyone else. <quote>ann</quote> and <quote>joe</quote> would only
be allowed to connect <quote>as themselves</quote>. On the
192.168.2 network, however, a user <quote>ann</quote> would not be
allowed to connect at all, only the user <quote>bob</> can connect
as <quote>bob</> and some user <quote>karl</> can connect as
<quote>joe</> as well.
anyone else. <quote>ann</quote> would only be allowed to connect
<quote>as herself</>. User bryanh would be allowed to connect as either
<quote>bryanh</> himself or as <quote>guest1</>.
</para>
<example id="example-pg-ident.conf">
<title>An example <filename>pg_ident.conf</> file</title>
<programlisting>
usermap joe joe
# bob has username robert on these machines
usermap robert bob
usermap ann ann
#MAP IDENT-NAME POSTGRESQL-NAME
othermap joe joe
othermap bob bob
othermap karl joe
omicron bryanh bryanh
omicron ann ann
# bob has username robert on these machines
omicron robert bob
# bryanh can also connect as guest1
omicron bryanh guest1
</programlisting>
</example>
</sect2>
@ -605,4 +628,3 @@ FATAL 1: Database testdb does not exist in pg_database
</sect1>
</chapter>

15
doc/src/sgml/installation.sgml
Unescape View File

@ -1,4 +1,4 @@
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/installation.sgml,v 1.16 2000/08/29 20:02:07 momjian Exp $ -->
<!-- $Header: /cvsroot/pgsql/doc/src/sgml/installation.sgml,v 1.17 2000/09/06 19:54:45 petere Exp $ -->
<chapter id="installation">
<title><![%flattext-install-include[<productname>PostgreSQL</> ]]>Installation Instructions</title>
@ -354,7 +354,7 @@ su - postgres
The man pages that come with <productname>PostgreSQL</> will be installed under
this directory, in their respective
<filename>man<replaceable>x</></> subdirectories.
<filename><replaceable>PREFIX</>/man</>.
The default is <filename><replaceable>PREFIX</>/man</>.
</para>
</listitem>
</varlistentry>
@ -581,15 +581,16 @@ su - postgres
<term>--with-openssl=<replaceable>DIRECTORY</></term>
<listitem>
<para>
Build with support for SSL (encrypted) connections.
This requires the OpenSSL library to be installed.
Build with support for <acronym>SSL</> (encrypted) connections.
This requires the <productname>OpenSSL</> package to be installed.
The <replaceable>DIRECTORY</> argument specifies the
root directory of the OpenSSL installation.
root directory of the <productname>OpenSSL</> installation; the
default is <filename>/usr/local/ssl</>.
</para>
<para>
<filename>configure</> will check for the required header
files and libraries to make sure that your OpenSSL
files and libraries to make sure that your <productname>OpenSSL</>
installation is sufficient before proceeding.
</para>
</listitem>
@ -601,7 +602,7 @@ su - postgres
<para>
Enables the <productname>PostgreSQL</> server to use the
syslog logging facility. (Using this option does not mean
that you will have to log with syslog or even that it will be done
that you must log with syslog or even that it will be done
by default, it simply makes it possible to turn this option
on at run time.)
</para>

107
doc/src/sgml/runtime.sgml
Unescape View File

@ -1,5 +1,5 @@
<!--
$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.23 2000/08/29 20:02:07 momjian Exp $
$Header: /cvsroot/pgsql/doc/src/sgml/runtime.sgml,v 1.24 2000/09/06 19:54:45 petere Exp $
-->
<Chapter Id="runtime">
@ -941,18 +941,6 @@ env PGOPTIONS='--geqo=off' psql
</listitem>
</varlistentry>
<varlistentry>
<term>TCPIP_SOCKET (<type>boolean</type>)</term>
<listitem>
<para>
If this is true, then the server will accept TCP/IP
connections. Otherwise only local Unix domain socket
connections are accepted. It is off by default. This option
can only be set at server start.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PORT (<type>integer</type>)</term>
<listitem>
@ -1005,6 +993,29 @@ env PGOPTIONS='--geqo=off' psql
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>SSL (<type>boolean</type>)</term>
<listitem>
<para>
Enables <acronym>SSL</> connections. Please read
<xref linkend="ssl"> before using this. The default
is off.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>TCPIP_SOCKET (<type>boolean</type>)</term>
<listitem>
<para>
If this is true, then the server will accept TCP/IP
connections. Otherwise only local Unix domain socket
connections are accepted. It is off by default. This option
can only be set at server start.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</sect2>
@ -1048,6 +1059,11 @@ env PGOPTIONS='--geqo=off' psql
<entry>tcpip_socket = on</entry>
<entry></entry>
</row>
<row>
<entry>-l</entry>
<entry>ssl = on</entry>
<entry></entry>
</row>
<row>
<entry>-N <replaceable>x</replaceable></entry>
<entry>max_connections = <replaceable>x</replaceable></entry>
@ -1726,64 +1742,66 @@ perl: warning: Falling back to the standard locale ("C").
</para>
</sect1>
<sect1>
<title>Secure TCP/IP Connection with SSL</title>
<sect1 id="ssl">
<title>Secure TCP/IP Connections with SSL</title>
<para>
PostgreSQL has native support for connections over SSL to encrypt
<productname>PostgreSQL</> has native support for connections over
<acronym>SSL</> to encrypt
client/server communications for increased security. This requires
<productname>OpenSSL</productname> to be installed on both client
and server systems and support enabled at compile-time using
the configure script.
and server systems and support enabled at build-time (see <xref
linkend="installation">).
</para>
<para>
With SSL support compiled in, the Postgres backend can be
started with argument -l to enable SSL connections.
When starting in SSL mode, the postmaster will look for the
files <filename>server.key</filename> and
<filename>server.cert</filename> in the <envar>PGDATA</envar>
directory. These files should contain the server private key and
certificate respectively. If the private key is protected with a
passphrase, the postmaster will prompt for the passphrase and not
start until it has been provided.
With SSL support compiled in, the <productname>PostgreSQL</> server
can be started with the argument <option>-l</> (ell) to enable
SSL connections. When starting in SSL mode, the postmaster will look
for the files <filename>server.key</> and <filename>server.crt</> in
the data directory. These files should contain the server private key
and certificate respectively. These files must be set up correctly
before an SSL-enabled server can start. If the private key is protected
with a passphrase, the postmaster will prompt for the passphrase and will
not start until it has been provided.
</para>
<para>
The postmaster will listen for both standard and SSL connections
on the same TCP/IP port, and will negotiate with any connecting
client wether to use SSL or not. Use the <filename>pg_hba.conf</filename>
file to optionally require SSL in order to accept a connection.
client wether to use SSL or not. See <xref linkend="client-authentication">
about how to force on the server side the use of SSL for certain
connections.
</para>
<para>
For details on how to create your server private key and certificate,
refer to the OpenSSL documentation. A simple self-signed certificate
can be used to get started testing, but a certificate signed by a CA
(either one of the global CAs or a local one) should be used in
refer to the <productname>OpenSSL</> documentation. A simple self-signed
certificate can be used to get started testing, but a certificate signed
by a CA (either one of the global CAs or a local one) should be used in
production so the client can verify the servers identity. To create
a quick self-signed certificate, use the <filename>CA.pl</filename>
script included in OpenSSL:
<programlisting>
CA.pl -newcert
CA.pl -newcert
</programlisting>
Fill out the information the script asks for. Make sure to enter
the local hostname as Common Name. The script will generate a key
which is passphrase protected. To remove the passphrase (required
the local host name as Common Name. The script will generate a key
that is passphrase protected. To remove the passphrase (required
if you want automatic start-up of the postmaster), run the command
<programlisting>
openssl x509 -inform PEM -outform PEM -in newreq.pem -out newkey_no_passphrase.pem
openssl x509 -inform PEM -outform PEM -in newreq.pem -out newkey_no_passphrase.pem
</programlisting>
Enter the old passphrase to unlock the existing key. Copy the file
<filename>newreq.pem</filename> to <filename>PGDATA/server.cert</filename>
and <filename>newkey_no_passphrase.pem</filename> to
<filename>PGDATA/server.key</filename>. Remove the PRIVATE KEY part
from the <filename>server.cert</filename> using any text editor.
<filename>newreq.pem</> to <filename><replaceable>PGDATA</>/server.crt</>
and <filename>newkey_no_passphrase.pem</> to
<filename><replaceable>PGDATA</>/server.key</>. Remove the PRIVATE KEY part
from the <filename>server.crt</filename> using any text editor.
</para>
</sect1>
<sect1>
<title>Secure TCP/IP Connection with SSH</title>
<title>Secure TCP/IP Connections with SSH tunnels</title>
<note>
<title>Acknowledgement</title>
@ -1828,6 +1846,13 @@ psql -h localhost -p 3333 template1
terminal session.
</para>
<tip>
<para>
Several other products exist that can provide secure tunnels using
a procedure similar in concept to the one just described.
</para>
</tip>
</sect1>
</Chapter>

20
src/backend/postmaster/postmaster.c
Unescape View File

@ -11,7 +11,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.165 2000/09/06 14:15:19 petere Exp $
* $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.166 2000/09/06 19:54:46 petere Exp $
*
* NOTES
*
@ -193,10 +193,8 @@ static bool Reinit = true;
static int SendStop = false;
bool NetServer = false; /* listen on TCP/IP */
bool EnableSSL = false;
#ifdef USE_SSL
static bool DisableSSL = false; /* Completely disable SSL, even if compiled in */
#endif
static pid_t StartupPID = 0,
ShutdownPID = 0;
@ -452,7 +450,7 @@ PostmasterMain(int argc, char *argv[])
break;
#ifdef USE_SSL
case 'l':
DisableSSL = true;
EnableSSL = true;
break;
#endif
case 'm':
@ -563,13 +561,13 @@ PostmasterMain(int argc, char *argv[])
}
#ifdef USE_SSL
if (!NetServer && !DisableSSL)
if (EnableSSL && !NetServer)
{
fprintf(stderr, "%s: For SSL, you must enable TCP/IP connections. Use -l to disable SSL\n",
fprintf(stderr, "%s: For SSL, TCP/IP connections must be enabled. See -? for help.\n",
progname);
exit(1);
}
if (!DisableSSL)
if (EnableSSL)
InitSSL();
#endif
@ -750,9 +748,9 @@ usage(const char *progname)
printf(" -d 1-5 debugging level\n");
printf(" -D <directory> database directory\n");
printf(" -F turn fsync off\n");
printf(" -i listen on TCP/IP sockets\n");
printf(" -i enable TCP/IP connections\n");
#ifdef USE_SSL
printf(" -l disable SSL\n");
printf(" -l enable SSL connections\n");
#endif
printf(" -N <number> maximum number of allowed connections (1..%d, default %d)\n",
MAXBACKENDS, DEF_MAXBACKENDS);
@ -1060,7 +1058,7 @@ readStartupPacket(void *arg, PacketLen len, void *pkt)
char SSLok;
#ifdef USE_SSL
if (DisableSSL || port->laddr.sa.sa_family != AF_INET)
if (!EnableSSL || port->laddr.sa.sa_family != AF_INET)
/* No SSL when disabled or on Unix sockets */
SSLok = 'N';
else

3
src/backend/utils/misc/guc.c
Unescape View File

@ -4,7 +4,7 @@
* Support for grand unified configuration scheme, including SET
* command, configuration file, and command line options.
*
* $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.10 2000/08/28 11:57:41 petere Exp $
* $Header: /cvsroot/pgsql/src/backend/utils/misc/guc.c,v 1.11 2000/09/06 19:54:47 petere Exp $
*
* Copyright 2000 by PostgreSQL Global Development Group
* Written by Peter Eisentraut <peter_e@gmx.net>.
@ -160,6 +160,7 @@ ConfigureNamesBool[] =
{"geqo", PGC_USERSET, &enable_geqo, true},
{"tcpip_socket", PGC_POSTMASTER, &NetServer, false},
{"ssl", PGC_POSTMASTER, &EnableSSL, false},
{"fsync", PGC_USERSET, &enableFsync, true},
{"log_connections", PGC_SIGHUP, &Log_connections, false},

9
src/bin/psql/startup.c
Unescape View File

@ -3,7 +3,7 @@
*
* Copyright 2000 by PostgreSQL Global Development Group
*
* $Header: /cvsroot/pgsql/src/bin/psql/startup.c,v 1.35 2000/08/30 14:54:23 momjian Exp $
* $Header: /cvsroot/pgsql/src/bin/psql/startup.c,v 1.36 2000/09/06 19:54:48 petere Exp $
*/
#include "postgres.h"
@ -264,12 +264,13 @@ main(int argc, char *argv[])
"Type: \\copyright for distribution terms\n"
" \\h for help with SQL commands\n"
" \\? for help on internal slash commands\n"
" \\g or terminate with semicolon to execute query\n"
" \\g or terminate with semicolon to execute query\n"
" \\q to quit\n\n", pset.progname);
}
#ifdef USE_SSL
printSSLInfo();
printSSLInfo();
#endif
}
SetVariable(pset.vars, "PROMPT1", DEFAULT_PROMPT1);
SetVariable(pset.vars, "PROMPT2", DEFAULT_PROMPT2);
SetVariable(pset.vars, "PROMPT3", DEFAULT_PROMPT3);

3
src/include/miscadmin.h
Unescape View File

@ -12,7 +12,7 @@
* Portions Copyright (c) 1996-2000, PostgreSQL, Inc
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Id: miscadmin.h,v 1.65 2000/09/06 14:15:24 petere Exp $
* $Id: miscadmin.h,v 1.66 2000/09/06 19:54:52 petere Exp $
*
* NOTES
* some of the information in this file will be moved to
@ -107,6 +107,7 @@ extern int SortMem;
configuration file processor has access to them */
extern bool NetServer;
extern bool EnableSSL;
extern int MaxBackends;
extern int NBuffers;
extern int PostPortName;

Write Preview
Loading…
Cancel
Save