Clarify documentation about username mapping when authenticating with

GSSAPI or Kerberos. Ian Turner
2025-06-05 23:56:58 +03:00 · 2010-02-20 19:21:14 +00:00 · 2010-02-20 19:21:14 +00:00 · 786e2f6871
commit 786e2f6871
parent de9ec65431
1 changed files with 20 additions and 15 deletions
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.131 2010/02/03 17:25:05 momjian Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.132 2010/02/20 19:21:14 momjian Exp $ -->
 <chapter id="client-authentication">
 <title>Client Authentication</title>
@ -823,16 +823,6 @@ omicron         bryanh                  guest1
   <para>
    The following configuration options are supported for <productname>GSSAPI</productname>:
    <variablelist>
     <varlistentry>
      <term><literal>map</literal></term>
      <listitem>
       <para>
        Allows for mapping between system and database usernames. See
        <xref linkend="auth-username-maps"> for details.
       </para>
      </listitem>
     </varlistentry>
     <varlistentry>
      <term><literal>include_realm</literal></term>
      <listitem>
@ -845,6 +835,21 @@ omicron         bryanh                  guest1
      </listitem>
     </varlistentry>
     <varlistentry>
      <term><literal>map</literal></term>
      <listitem>
       <para>
        Allows for mapping between system and database usernames. See
        <xref linkend="auth-username-maps"> for details. For a Kerboros
        principal <literal>username/hostbased@EXAMPLE.COM</literal>, the
        username used for mapping is <literal>username/hostbased</literal>
        if <literal>include_realm</literal> is disabled, and
        <literal>username/hostbased@EXAMPLE.COM</literal> if
        <literal>include_realm</literal> is enabled.
       </para>
      </listitem>
     </varlistentry>
     <varlistentry>
      <term><literal>krb_realm</literal></term>
      <listitem>
@ -1027,10 +1032,10 @@ omicron         bryanh                  guest1
   <para>
    When connecting to the database make sure you have a ticket for a
    principal matching the requested database user name. For example, for
-    database user name <literal>fred</>, both principal
+    database user name <literal>fred</>, principal
-    <literal>fred@EXAMPLE.COM</> and
+    <literal>fred@EXAMPLE.COM</> would be able to connect. To also allow
-    <literal>fred/users.example.com@EXAMPLE.COM</> could be used to
+    principle <literal>fred/users.example.com@EXAMPLE.COM</>, use a username
-    authenticate to the database server.
+    map, as described in <xref linkend="auth-username-maps">.
   </para>
   <para>