public inbox for [email protected]  
client auth docs seem to have devolved
11+ messages / 4 participants

* client auth docs seem to have devolved
@ 2019-12-17 11:42  Dave Cramer <[email protected]>
  0 siblings, 1 reply; 11+ messages in thread

From: Dave Cramer @ 2019-12-17 11:42 UTC
  To: PostgreSQL-development <[email protected]>; PostgreSQL WWW <[email protected]>

While following an old link to
https://www.postgresql.org/docs/10/auth-methods.html

I see a list of links to authentication methods. However:

When I hit the current version
https://www.postgresql.org/docs/current/auth-methods.html

There are absolutely no links...

Dave Cramer



* Re: client auth docs seem to have devolved
@ 2019-12-17 11:53  Magnus Hagander <[email protected]>
  parent: Dave Cramer <[email protected]>
  0 siblings, 1 reply; 11+ messages in thread

From: Magnus Hagander @ 2019-12-17 11:53 UTC
  To: Dave Cramer <[email protected]>; +Cc: PostgreSQL-development <[email protected]>; PostgreSQL WWW <[email protected]>

On Tue, Dec 17, 2019 at 12:43 PM Dave Cramer <[email protected]> wrote:

> While following an old link to
> https://www.postgresql.org/docs/10/auth-methods.html
>
> I see a list of links to authentication methods. However:
>
> When I hit the current version
> https://www.postgresql.org/docs/current/auth-methods.html
>
> There are absolutely no links...
>
>
That's because the structure of the docs changed. You need to hit "up",
which will take you to
https://www.postgresql.org/docs/current/client-authentication.html, which
now has the list of links. Note how the different methods used to be
20.3.x, and are now directly listed as 20.y.

I'm unsure if that was intentional in the upstream docs, but that's what
makes the website behave like it does.

-- 
 Magnus Hagander
 Me: https://www.hagander.net/ <http://www.hagander.net/>
 Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>



* Re: client auth docs seem to have devolved
@ 2019-12-17 12:02  Dave Cramer <[email protected]>
  parent: Magnus Hagander <[email protected]>
  0 siblings, 1 reply; 11+ messages in thread

From: Dave Cramer @ 2019-12-17 12:02 UTC
  To: Magnus Hagander <[email protected]>; +Cc: PostgreSQL-development <[email protected]>; PostgreSQL WWW <[email protected]>

On Tue, 17 Dec 2019 at 06:53, Magnus Hagander <[email protected]> wrote:

> On Tue, Dec 17, 2019 at 12:43 PM Dave Cramer <[email protected]> wrote:
>
>> While following an old link to
>> https://www.postgresql.org/docs/10/auth-methods.html
>>
>> I see a list of links to authentication methods. However:
>>
>> When I hit the current version
>> https://www.postgresql.org/docs/current/auth-methods.html
>>
>> There are absolutely no links...
>>
>>
> That's because the structure of the docs changed. You need to hit "up",
> which will take you to
> https://www.postgresql.org/docs/current/client-authentication.html, which
> now has the list of links. Note how the different methods used to be
> 20.3.x, and are now directly listed as 20.y.
>
> I'm unsure if that was intentional in the upstream docs, but that's what
> makes the website behave like it does.
>

Fair enough but

20.3. Authentication Methods
The following sections describe the authentication methods in more detail.

certainly is misleading.

Thanks,

Dave




* Re: client auth docs seem to have devolved
@ 2019-12-17 12:06  Magnus Hagander <[email protected]>
  parent: Dave Cramer <[email protected]>
  0 siblings, 1 reply; 11+ messages in thread

From: Magnus Hagander @ 2019-12-17 12:06 UTC
  To: Dave Cramer <[email protected]>; Peter Eisentraut <[email protected]>; +Cc: PostgreSQL-development <[email protected]>; PostgreSQL WWW <[email protected]>

On Tue, Dec 17, 2019 at 1:02 PM Dave Cramer <[email protected]> wrote:

> On Tue, 17 Dec 2019 at 06:53, Magnus Hagander <[email protected]> wrote:
>
>> On Tue, Dec 17, 2019 at 12:43 PM Dave Cramer <[email protected]>
>> wrote:
>>
>>> While following an old link to
>>> https://www.postgresql.org/docs/10/auth-methods.html
>>>
>>> I see a list of links to authentication methods. However:
>>>
>>> When I hit the current version
>>> https://www.postgresql.org/docs/current/auth-methods.html
>>>
>>> There are absolutely no links...
>>>
>>>
>> That's because the structure of the docs changed. You need to hit "up",
>> which will take you to
>> https://www.postgresql.org/docs/current/client-authentication.html,
>> which now has the list of links. Note how the different methods used to be
>> 20.3.x, and are now directly listed as 20.y.
>>
>> I'm unsure if that was intentional in the upstream docs, but that's what
>> makes the website behave like it does.
>>
>
> Fair enough but
>
> 20.3. Authentication Methods
> The following sections describe the authentication methods in more detail.
>
> certainly is misleading.
>
>
This was changed by Peter in
commit 56811e57323faa453947eb82f007e323a952e1a1 along with the
restructuring. It used to say "the following subsections". So technically I
think that change is correct, but that doesn't necessarily make it helpful.

But based on how it actually renders, since that section doesn't contain
any actual useful info, we should perhaps just remove section 20.3
completely. Peter, thoughts?

-- 
 Magnus Hagander
 Me: https://www.hagander.net/ <http://www.hagander.net/>
 Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>



* Re: client auth docs seem to have devolved
@ 2019-12-17 16:01  Tom Lane <[email protected]>
  parent: Magnus Hagander <[email protected]>
  0 siblings, 3 replies; 11+ messages in thread

From: Tom Lane @ 2019-12-17 16:01 UTC
  To: Magnus Hagander <[email protected]>; +Cc: Dave Cramer <[email protected]>; Peter Eisentraut <[email protected]>; PostgreSQL-development <[email protected]>; PostgreSQL WWW <[email protected]>

Magnus Hagander <[email protected]> writes:
> This was changed by Peter in
> commit 56811e57323faa453947eb82f007e323a952e1a1 along with the
> restructuring. It used to say "the following subsections". So technically I
> think that change is correct, but that doesn't necessarily make it helpful.

> But based on how it actually renders, since that section doesn't contain
> any actual useful info, we should perhaps just remove section 20.3
> completely. Peter, thoughts?

Then, URLs pointing to that page (such as Dave evidently has bookmarked)
would break entirely, which doesn't seem like an improvement.

I suggest changing the sect1's contents to be a list of available auth
methods, linked to their subsections.  That would provide approximately
the same quality-of-use as the subsection TOC that used to be there.

			regards, tom lane






* Re: client auth docs seem to have devolved
@ 2019-12-17 16:38  Dave Cramer <[email protected]>
  parent: Tom Lane <[email protected]>
  2 siblings, 0 replies; 11+ messages in thread

From: Dave Cramer @ 2019-12-17 16:38 UTC
  To: Tom Lane <[email protected]>; +Cc: Magnus Hagander <[email protected]>; Peter Eisentraut <[email protected]>; PostgreSQL-development <[email protected]>; PostgreSQL WWW <[email protected]>

> Then, URLs pointing to that page (such as Dave evidently has bookmarked)
> would break entirely, which doesn't seem like an improvement.
>

It was linked to in a bug report.

Dave Cramer



* Re: client auth docs seem to have devolved
@ 2019-12-17 19:58  Magnus Hagander <[email protected]>
  parent: Tom Lane <[email protected]>
  2 siblings, 1 reply; 11+ messages in thread

From: Magnus Hagander @ 2019-12-17 19:58 UTC
  To: Tom Lane <[email protected]>; +Cc: Dave Cramer <[email protected]>; Peter Eisentraut <[email protected]>; PostgreSQL-development <[email protected]>; PostgreSQL WWW <[email protected]>

On Tue, Dec 17, 2019 at 5:01 PM Tom Lane <[email protected]> wrote:

> Magnus Hagander <[email protected]> writes:
> > This was changed by Peter in
> > commit 56811e57323faa453947eb82f007e323a952e1a1 along with the
> > restructuring. It used to say "the following subsections". So technically I
> > think that change is correct, but that doesn't necessarily make it helpful.
>
> > But based on how it actually renders, since that section doesn't contain
> > any actual useful info, we should perhaps just remove section 20.3
> > completely. Peter, thoughts?
>
> Then, URLs pointing to that page (such as Dave evidently has bookmarked)
> would break entirely, which doesn't seem like an improvement.
>

Ugh, that's a good point of course. Didn't think of that.


> I suggest changing the sect1's contents to be a list of available auth
> methods, linked to their subsections.  That would provide approximately
> the same quality-of-use as the subsection TOC that used to be there.
>

Yeah, that sounds better. Is there some docbook magic that can do that for
us?

-- 
 Magnus Hagander
 Me: https://www.hagander.net/ <http://www.hagander.net/>
 Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>



* Re: client auth docs seem to have devolved
@ 2019-12-17 20:42  Tom Lane <[email protected]>
  parent: Magnus Hagander <[email protected]>
  0 siblings, 0 replies; 11+ messages in thread

From: Tom Lane @ 2019-12-17 20:42 UTC
  To: Magnus Hagander <[email protected]>; +Cc: Dave Cramer <[email protected]>; Peter Eisentraut <[email protected]>; PostgreSQL-development <[email protected]>; PostgreSQL WWW <[email protected]>

Magnus Hagander <[email protected]> writes:
> On Tue, Dec 17, 2019 at 5:01 PM Tom Lane <[email protected]> wrote:
>> I suggest changing the sect1's contents to be a list of available auth
>> methods, linked to their subsections.  That would provide approximately
>> the same quality-of-use as the subsection TOC that used to be there.

> Yeah, that sounds better. Is there some docbook magic that can do that for
> us?

I was just intending to do it the hard way, since even if such magic
exists, it'd probably only regurgitate the section titles.  It seems
more useful to allow for some descriptive text along with that.
(Not a lot, but maybe a full sentence for each one.)

			regards, tom lane






* Re: client auth docs seem to have devolved
@ 2019-12-18 18:07  Tom Lane <[email protected]>
  parent: Tom Lane <[email protected]>
  2 siblings, 1 reply; 11+ messages in thread

From: Tom Lane @ 2019-12-18 18:07 UTC
  To: Magnus Hagander <[email protected]>; +Cc: Stephen Frost <[email protected]>; Dave Cramer <[email protected]>; Peter Eisentraut <[email protected]>; PostgreSQL-development <[email protected]>; [email protected]

I wrote:
> Magnus Hagander <[email protected]> writes:
>> This was changed by Peter in
>> commit 56811e57323faa453947eb82f007e323a952e1a1 along with the
>> restructuring. It used to say "the following subsections". So technically I
>> think that change is correct, but that doesn't necessarily make it helpful.
>> But based on how it actually renders, since that section doesn't contain
>> any actual useful info, we should perhaps just remove section 20.3
>> completely. Peter, thoughts?

> Then, URLs pointing to that page (such as Dave evidently has bookmarked)
> would break entirely, which doesn't seem like an improvement.

Also, our docs' own internal links to that section would break --- there
are built-in assumptions that there's one pointable-to place that explains
all the auth methods.

> I suggest changing the sect1's contents to be a list of available auth
> methods, linked to their subsections.  That would provide approximately
> the same quality-of-use as the subsection TOC that used to be there.

Concretely, I propose the attached.  Anybody want to editorialize on
my short descriptions of the auth methods?

			regards, tom lane



Attachments:

  [text/x-diff] provide-summary-of-auth-methods-1.patch (3.6K, 2-provide-summary-of-auth-methods-1.patch)
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 36e5a5d..6af1cf5 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -911,8 +911,103 @@ omicron         bryanh                  guest1
 
  <sect1 id="auth-methods">
   <title>Authentication Methods</title>
+
+  <para>
+   <productname>PostgreSQL</productname> provides various methods for
+   authenticating users:
+
+   <itemizedlist>
+    <listitem>
+     <para>
+      <link linkend="auth-trust">Trust authentication</link>, which
+      simply trusts that users are who they say they are.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <link linkend="auth-password">Password authentication</link>, which
+      requires that the user send a password.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <link linkend="gssapi-auth">GSSAPI authentication</link>, which
+      relies on a GSSAPI-compatible security library; typically this is
+      used to access an authentication server such as a Kerberos or
+      Microsoft Active Directory server.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <link linkend="sspi-auth">SSPI authentication</link>, which
+      uses a Windows-specific protocol similar to GSSAPI.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <link linkend="auth-ident">Ident authentication</link>, which
+      relies on an <quote>Identification Protocol</quote> (RFC 1413)
+      service on the client's machine.  (On local Unix-socket connections,
+      this is treated as peer authentication.)
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <link linkend="auth-peer">Peer authentication</link>, which
+      relies on operating system facilities to identify the process at the
+      other end of a local connection.  This is not supported for remote
+      connections.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <link linkend="auth-ldap">LDAP authentication</link>, which
+      relies on an LDAP authentication server.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <link linkend="auth-radius">RADIUS authentication</link>, which
+      relies on a RADIUS authentication server.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <link linkend="auth-cert">Certificate authentication</link>, which
+      requires an SSL connection and authenticates users by checking the
+      SSL certificate they send.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <link linkend="auth-pam">PAM authentication</link>, which
+      relies on a PAM (Pluggable Authentication Modules) library.
+      In most configurations this ends up being a variant of password
+      authentication.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <link linkend="auth-bsd">BSD authentication</link>, which
+      relies on the BSD Authentication framework (currently available
+      only on OpenBSD).
+     </para>
+    </listitem>
+   </itemizedlist>
+  </para>
+
+  <para>
+   Peer authentication is usually recommendable for local connections,
+   though trust authentication might be sufficient in some circumstances.
+   Password authentication is the easiest choice for remote connections;
+   all the other options require some sort of external security
+   infrastructure, usually an authentication server or a certificate
+   authority for issuing SSL certificates.
+  </para>
+
   <para>
-   The following sections describe the authentication methods in more detail.
+   The following sections describe each of these authentication methods
+   in more detail.
   </para>
  </sect1>
 
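Review bot: In the closing recommendation paragraph, "trust authentication might be sufficient in some circumstances" names no circumstances, and the first list item describes trust as simply believing the user, so a reader who stops at this summary has nothing to tell them when that is acceptable; suggest stating the condition in a clause or pointing to the auth-trust section for it. The same paragraph calls password authentication "the easiest choice for remote connections" with no pointer to how the password is protected in transit, while the certificate item is the only one that mentions SSL; a cross-reference there would help. In the list, "requires that the user send a password" is worth rechecking against the linked section in case it covers methods where the password itself is not what goes over the wire. Finally, the linkend values gssapi-auth and sspi-auth break the auth-* pattern used by the other nine items; worth confirming they match the ids on those sections.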



* Re: client auth docs seem to have devolved
@ 2019-12-19 14:44  Tom Lane <[email protected]>
  parent: Tom Lane <[email protected]>
  0 siblings, 1 reply; 11+ messages in thread

From: Tom Lane @ 2019-12-19 14:44 UTC
  To: Magnus Hagander <[email protected]>; +Cc: Stephen Frost <[email protected]>; Dave Cramer <[email protected]>; Peter Eisentraut <[email protected]>; PostgreSQL-development <[email protected]>; [email protected]

I wrote:
> Concretely, I propose the attached.  Anybody want to editorialize on
> my short descriptions of the auth methods?

Pushed after a bit more fiddling with the wording.

			regards, tom lane






* Re: client auth docs seem to have devolved
@ 2019-12-19 15:26  Alvaro Herrera <[email protected]>
  parent: Tom Lane <[email protected]>
  0 siblings, 0 replies; 11+ messages in thread

From: Alvaro Herrera @ 2019-12-19 15:26 UTC
  To: Tom Lane <[email protected]>; +Cc: Magnus Hagander <[email protected]>; Stephen Frost <[email protected]>; Dave Cramer <[email protected]>; Peter Eisentraut <[email protected]>; PostgreSQL-development <[email protected]>; [email protected]

On 2019-Dec-19, Tom Lane wrote:

> I wrote:
> > Concretely, I propose the attached.  Anybody want to editorialize on
> > my short descriptions of the auth methods?
> 
> Pushed after a bit more fiddling with the wording.

Looks good, thanks.

-- 
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services





