public inbox for [email protected]
help / color / mirror / Atom feedFrom: Scott Marlowe <[email protected]>
To: Tom Lane <[email protected]>
Cc: [email protected]
Subject: Re: order of entries in admin docs
Date: Tue, 11 Mar 2008 11:18:44 -0700
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
On Tue, Mar 11, 2008 at 10:36 AM, Tom Lane <[email protected]> wrote:
> "Scott Marlowe" <[email protected]> writes:
> > I was just looking for something in the admin docs, and it seems like
> > the ordering of sections is sub-optimal.
>
> > 17. Operating System Environment
> > 18. Server Configuration
> > 19. Database Roles and Privileges
> > 20. Managing Databases
> > 21. Client Authentication
>
> > Seems that Client Authentication should come right after Server
> > Configuration. After all, how is someone going to handle roles and
> > database creation before they've authenticated?
>
> Well, until you know what a role is, the client auth discussion might
> not make too much sense to you...
>
> I'm not wedded to the current ordering but I'm not sure it's silly
> either.
>
> Something else that ought to be considered here is that now that we have
> CONNECT privilege for databases, manipulating privileges is a lot saner
> way to control who-can-connect-where than setting up fancy combinations
> of user and database entries in pg_hba.conf. AFAIR there is no mention
> of this alternative in Chapter 21, but it seems like there ought to be.
> With your proposed reorganization, that would become a forward
> reference; is that OK?
I've deleted and rewritten this email like 4 times...
The more I read the docs, the more moving client authentication seems
to make sense. In fact, the authentication problems section is
probably the perfect final bit to the Connections and Authentication
section. I'd move it up a level, so that it looked something like
this:
18.3. Connections and Authentication
18.3.1. Connection Settings
18.3.2. Security and Authentication
18.3.3. The pg_hba.conf file
18.3.4. Authentication methods
18.3.5. Authentication problems
Unless a different level of indentation makes more sense, which I
could totally understand.
It definitely follows the flow of setting up a pg server better for
me. I might even move the pg_hba.conf file to 18.3.1 up there. It is
pretty much a firewall.
view thread (17+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected]
Subject: Re: order of entries in admin docs
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox