projects / postgresql.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: de9ec65)
Clarify documentation about username mapping when authenticating with
authorBruce Momjian
Sat, 20 Feb 2010 19:21:14 +0000 (19:21 +0000)
committerBruce Momjian
Sat, 20 Feb 2010 19:21:14 +0000 (19:21 +0000)
GSSAPI or Kerberos.

Ian Turner

doc/src/sgml/client-auth.sgml patch | blob | blame | history

diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index feb9511c5e6c79398bb5187a64a485fa654e1706..26a7de6d0a8a063246457440b0b09f106b4eddc8 100644 (file)
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1,4 +1,4 @@
-
+
 
 
  Client Authentication
@@ -824,23 +824,28 @@ omicron         bryanh                  guest1
     The following configuration options are supported for GSSAPI:
     
      
-      map
+      include_realm
       
        
-        Allows for mapping between system and database usernames. See
-         for details.
+        If set to 1, the realm name from the authenticated user
+        principal is included in the system user name that's passed through
+        username mapping (). This is
+        useful for handling users from multiple realms.
        
       
      
 
      
-      include_realm
+      map
       
        
-        If set to 1, the realm name from the authenticated user
-        principal is included in the system user name that's passed through
-        username mapping (). This is
-        useful for handling users from multiple realms.
+        Allows for mapping between system and database usernames. See
+         for details. For a Kerboros
+        principal username/[email protected], the
+        username used for mapping is username/hostbased
+        if include_realm is disabled, and
+        username/[email protected] if
+        include_realm is enabled.
        
       
      
@@ -1027,10 +1032,10 @@ omicron         bryanh                  guest1
    
     When connecting to the database make sure you have a ticket for a
     principal matching the requested database user name. For example, for
-    database user name fred, both principal
-    [email protected] and
-    fred/[email protected] could be used to
-    authenticate to the database server.
+    database user name fred, principal
+    [email protected] would be able to connect. To also allow
+    principle fred/[email protected], use a username
+    map, as described in .
    
 
    
This is the main PostgreSQL git repository.