Commit 54fbd15

Doc: add a short summary of available authentication methods.

The "auth-methods" <sect1> used to include descriptions of all our authentication methods. Commit 56811e5 promoted its child <sect2>'s to <sect1>'s, which has advantages but also created some issues:

* The auth-methods page itself is essentially empty/useless.
* Links that pointed to "auth-methods" as a placeholder for all auth methods were rendered a bit nonsensical.
* DocBook no longer provides a subsection table-of-contents here, which formerly was a useful if terse summary of available auth methods.

To improve matters, add a handwritten list of all the auth methods.

Per gripe from Dave Cramer. Back-patch to v11 where the previous commit came in.

Discussion: https://postgr.es/m/CADK3HH+xQLhcPgg=kWqfogtXGGZr-JdSo=x=WQC0PkAVyxUWyQ@mail.gmail.com

1 parent 7cdcc74 commit 54fbd15

1 file changed

+94
-1
lines changed

doc/src/sgml/client-auth.sgml

+94-1
@@ -911,8 +911,101 @@ omicron bryanh guest1
911911

912912
<sect1 id="auth-methods">
913913
<title>Authentication Methods</title>
914+
915+
<para>
916+
<productname>PostgreSQL</productname> provides various methods for
917+
authenticating users:
918+
919+
<itemizedlist>
920+
<listitem>
921+
<para>
922+
<link linkend="auth-trust">Trust authentication</link>, which
923+
simply trusts that users are who they say they are.
924+
</para>
925+
</listitem>
926+
<listitem>
927+
<para>
928+
<link linkend="auth-password">Password authentication</link>, which
929+
requires that users send a password.
930+
</para>
931+
</listitem>
932+
<listitem>
933+
<para>
934+
<link linkend="gssapi-auth">GSSAPI authentication</link>, which
935+
relies on a GSSAPI-compatible security library. Typically this is
936+
used to access an authentication server such as a Kerberos or
937+
Microsoft Active Directory server.
938+
</para>
939+
</listitem>
940+
<listitem>
941+
<para>
942+
<link linkend="sspi-auth">SSPI authentication</link>, which
943+
uses a Windows-specific protocol similar to GSSAPI.
944+
</para>
945+
</listitem>
946+
<listitem>
947+
<para>
948+
<link linkend="auth-ident">Ident authentication</link>, which
949+
relies on an <quote>Identification Protocol</quote> (RFC 1413)
950+
service on the client's machine. (On local Unix-socket connections,
951+
this is treated as peer authentication.)
952+
</para>
953+
</listitem>
954+
<listitem>
955+
<para>
956+
<link linkend="auth-peer">Peer authentication</link>, which
957+
relies on operating system facilities to identify the process at the
958+
other end of a local connection. This is not supported for remote
959+
connections.
960+
</para>
961+
</listitem>
962+
<listitem>
963+
<para>
964+
<link linkend="auth-ldap">LDAP authentication</link>, which
965+
relies on an LDAP authentication server.
966+
</para>
967+
</listitem>
968+
<listitem>
969+
<para>
970+
<link linkend="auth-radius">RADIUS authentication</link>, which
971+
relies on a RADIUS authentication server.
972+
</para>
973+
</listitem>
974+
<listitem>
975+
<para>
976+
<link linkend="auth-cert">Certificate authentication</link>, which
977+
requires an SSL connection and authenticates users by checking the
978+
SSL certificate they send.
979+
</para>
980+
</listitem>
981+
<listitem>
982+
<para>
983+
<link linkend="auth-pam">PAM authentication</link>, which
984+
relies on a PAM (Pluggable Authentication Modules) library.
985+
</para>
986+
</listitem>
987+
<listitem>
988+
<para>
989+
<link linkend="auth-bsd">BSD authentication</link>, which
990+
relies on the BSD Authentication framework (currently available
991+
only on OpenBSD).
992+
</para>
993+
</listitem>
994+
</itemizedlist>
995+
</para>
996+
997+
<para>
998+
Peer authentication is usually recommendable for local connections,
999+
though trust authentication might be sufficient in some circumstances.
1000+
Password authentication is the easiest choice for remote connections.
1001+
All the other options require some kind of external security
1002+
infrastructure (usually an authentication server or a certificate
1003+
authority for issuing SSL certificates), or are platform-specific.
1004+
</para>
1005+
9141006
<para>
915-
The following sections describe the authentication methods in more detail.
1007+
The following sections describe each of these authentication methods
1008+
in more detail.
9161009
</para>
9171010
</sect1>
9181011
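
Review bot: The recommendation paragraph (new lines 998-1003) calls password authentication "the easiest choice for remote connections" and says trust "might be sufficient in some circumstances" without qualifying either, so a reader who stops at this summary gets a recommendation with no security conditions attached. Consider naming the circumstances for trust, or at least pointing back at the auth-trust section the list already links, and adding a clause that sends readers to auth-password for how the password is protected in transit; the certificate item is the only entry in the list that mentions SSL. Separately, "usually recommendable" on line 998 reads awkwardly; "usually recommended" would be clearer.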
