Received: from localhost (unknown [200.46.204.184]) by postgresql.org (Postfix) with ESMTP id AE2AF2E035E for ; Tue, 11 Mar 2008 15:20:06 -0300 (ADT) Received: from postgresql.org ([200.46.204.71]) by localhost (mx1.hub.org [200.46.204.184]) (amavisd-maia, port 10024) with ESMTP id 76469-01-6 for ; Tue, 11 Mar 2008 15:19:42 -0300 (ADT) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.5 Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.181]) by postgresql.org (Postfix) with ESMTP id CD9332E01E5 for ; Tue, 11 Mar 2008 15:18:50 -0300 (ADT) Received: by wa-out-1112.google.com with SMTP id m38so3001171waf.5 for ; Tue, 11 Mar 2008 11:18:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=HZYOLN0Wa2AkNvgL2hNiOcGz/MTtB69MfamZvq37Nl4=; b=DbEQe1dWopmiDYvsw/Pji0ctwsOQbWvAcUaEUDRQB5u23ohhC43fJFrObyc3rzMM5UBJJ+l4NZuQGnU8gpSrwaXVCVN6BZYf8CWVPo9fQVGHjtps3wRkumGTOLFldt4ar68Q+ZOnHJ8GTy3/2Kcy7Mmu5yU+Mdq3KcHij+ZQkcw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Djpg9ey0viB3KvcWXeKyimtOY8obtKfZuiijLAdkyCWZlilQ4bzjdZyfpxZo3TDr10b5KO3m9sbtN6+B7Jn6rnlj2RcWsWND+W3LnTxHiBF5+IAQDqGH6hHdqhAVa75UCvgMytVAXEn0ys9+V92v/Q5R2XPicfJdIRSo9Wv9mVk= Received: by 10.114.153.18 with SMTP id a18mr5374978wae.127.1205259524180; Tue, 11 Mar 2008 11:18:44 -0700 (PDT) Received: by 10.114.133.6 with HTTP; Tue, 11 Mar 2008 11:18:44 -0700 (PDT) Message-ID: Date: Tue, 11 Mar 2008 11:18:44 -0700 From: "Scott Marlowe" To: "Tom Lane" Subject: Re: order of entries in admin docs Cc: pgsql-docs@postgresql.org In-Reply-To: <27873.1205257019@sss.pgh.pa.us> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <27873.1205257019@sss.pgh.pa.us> X-Virus-Scanned: Maia Mailguard 1.0.1 X-Archive-Number: 200803/39 X-Sequence-Number: 4851 On Tue, Mar 11, 2008 at 10:36 AM, Tom Lane wrote: > "Scott Marlowe" writes: > > I was just looking for something in the admin docs, and it seems like > > the ordering of sections is sub-optimal. > > > 17. Operating System Environment > > 18. Server Configuration > > 19. Database Roles and Privileges > > 20. Managing Databases > > 21. Client Authentication > > > Seems that Client Authentication should come right after Server > > Configuration. After all, how is someone going to handle roles and > > database creation before they've authenticated? > > Well, until you know what a role is, the client auth discussion might > not make too much sense to you... > > I'm not wedded to the current ordering but I'm not sure it's silly > either. > > Something else that ought to be considered here is that now that we have > CONNECT privilege for databases, manipulating privileges is a lot saner > way to control who-can-connect-where than setting up fancy combinations > of user and database entries in pg_hba.conf. AFAIR there is no mention > of this alternative in Chapter 21, but it seems like there ought to be. > With your proposed reorganization, that would become a forward > reference; is that OK? I've deleted and rewritten this email like 4 times... The more I read the docs, the more moving client authentication seems to make sense. In fact, the authentication problems section is probably the perfect final bit to the Connections and Authentication section. I'd move it up a level, so that it looked something like this: 18.3. Connections and Authentication 18.3.1. Connection Settings 18.3.2. Security and Authentication 18.3.3. The pg_hba.conf file 18.3.4. Authentication methods 18.3.5. Authentication problems Unless a different level of indentation makes more sense, which I could totally understand. It definitely follows the flow of setting up a pg server better for me. I might even move the pg_hba.conf file to 18.3.1 up there. It is pretty much a firewall.