Doc: add a short summary of available authentication methods.

The "auth-methods"  used to include descriptions of all our
authentication methods.  Commit 56811e573 promoted its child 's
to 's, which has advantages but also created some issues:
* The auth-methods page itself is essentially empty/useless.
* Links that pointed to "auth-methods" as a placeholder for all
auth methods were rendered a bit nonsensical.
* DocBook no longer provides a subsection table-of-contents here,
which formerly was a useful if terse summary of available auth methods.

To improve matters, add a handwritten list of all the auth methods.

Per gripe from Dave Cramer.  Back-patch to v11 where the previous
commit came in.

Discussion: https://postgr.es/m/CADK3HH+xQLhcPgg=kWqfogtXGGZr-JdSo=x=WQC0PkAVyxUWyQ@mail.gmail.com

diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 36e5a5d9a8631f438bf0d9f31e74e325981a7001..5f1eec78fb64f722de6a30ea2cde9849bd37a2b9 100644 (file)
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -911,8 +911,101 @@ omicron         bryanh                  guest1
 
  
   Authentication Methods
+
+  
+   PostgreSQL provides various methods for
+   authenticating users:
+
+   
+    
+     
+      Trust authentication, which
+      simply trusts that users are who they say they are.
+     
+    
+    
+     
+      Password authentication, which
+      requires that users send a password.
+     
+    
+    
+     
+      GSSAPI authentication, which
+      relies on a GSSAPI-compatible security library.  Typically this is
+      used to access an authentication server such as a Kerberos or
+      Microsoft Active Directory server.
+     
+    
+    
+     
+      SSPI authentication, which
+      uses a Windows-specific protocol similar to GSSAPI.
+     
+    
+    
+     
+      Ident authentication, which
+      relies on an Identification Protocol (RFC 1413)
+      service on the client's machine.  (On local Unix-socket connections,
+      this is treated as peer authentication.)
+     
+    
+    
+     
+      Peer authentication, which
+      relies on operating system facilities to identify the process at the
+      other end of a local connection.  This is not supported for remote
+      connections.
+     
+    
+    
+     
+      LDAP authentication, which
+      relies on an LDAP authentication server.
+     
+    
+    
+     
+      RADIUS authentication, which
+      relies on a RADIUS authentication server.
+     
+    
+    
+     
+      Certificate authentication, which
+      requires an SSL connection and authenticates users by checking the
+      SSL certificate they send.
+     
+    
+    
+     
+      PAM authentication, which
+      relies on a PAM (Pluggable Authentication Modules) library.
+     
+    
+    
+     
+      BSD authentication, which
+      relies on the BSD Authentication framework (currently available
+      only on OpenBSD).
+     
+    
+   
+  
+
+  
+   Peer authentication is usually recommendable for local connections,
+   though trust authentication might be sufficient in some circumstances.
+   Password authentication is the easiest choice for remote connections.
+   All the other options require some kind of external security
+   infrastructure (usually an authentication server or a certificate
+   authority for issuing SSL certificates), or are platform-specific.
+  
+
   
-   The following sections describe the authentication methods in more detail.
+   The following sections describe each of these authentication methods
+   in more detail.