summaryrefslogtreecommitdiffstats
path: root/doc/src/sgml/html/gssapi-enc.html
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 12:19:15 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 12:19:15 +0000
commit6eb9c5a5657d1fe77b55cc261450f3538d35a94d (patch)
tree657d8194422a5daccecfd42d654b8a245ef7b4c8 /doc/src/sgml/html/gssapi-enc.html
parentInitial commit. (diff)
downloadpostgresql-13-6eb9c5a5657d1fe77b55cc261450f3538d35a94d.tar.xz
postgresql-13-6eb9c5a5657d1fe77b55cc261450f3538d35a94d.zip
Adding upstream version 13.4.upstream/13.4upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/src/sgml/html/gssapi-enc.html')
-rw-r--r--doc/src/sgml/html/gssapi-enc.html31
1 files changed, 31 insertions, 0 deletions
diff --git a/doc/src/sgml/html/gssapi-enc.html b/doc/src/sgml/html/gssapi-enc.html
new file mode 100644
index 0000000..84f829c
--- /dev/null
+++ b/doc/src/sgml/html/gssapi-enc.html
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>18.10. Secure TCP/IP Connections with GSSAPI Encryption</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="ssl-tcp.html" title="18.9. Secure TCP/IP Connections with SSL" /><link rel="next" href="ssh-tunnels.html" title="18.11. Secure TCP/IP Connections with SSH Tunnels" /></head><body id="docContent" class="container-fluid col-10"><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">18.10. Secure TCP/IP Connections with GSSAPI Encryption</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="ssl-tcp.html" title="18.9. Secure TCP/IP Connections with SSL">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="runtime.html" title="Chapter 18. Server Setup and Operation">Up</a></td><th width="60%" align="center">Chapter 18. Server Setup and Operation</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="ssh-tunnels.html" title="18.11. Secure TCP/IP Connections with SSH Tunnels">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="GSSAPI-ENC"><div class="titlepage"><div><div><h2 class="title" style="clear: both">18.10. Secure TCP/IP Connections with GSSAPI Encryption</h2></div></div></div><div class="toc"><dl class="toc"><dt><span class="sect2"><a href="gssapi-enc.html#GSSAPI-SETUP">18.10.1. Basic Setup</a></span></dt></dl></div><a id="id-1.6.5.13.2" class="indexterm"></a><p>
+ <span class="productname">PostgreSQL</span> also has native support for
+ using <acronym class="acronym">GSSAPI</acronym> to encrypt client/server communications for
+ increased security. Support requires that a <acronym class="acronym">GSSAPI</acronym>
+ implementation (such as MIT Kerberos) is installed on both client and server
+ systems, and that support in <span class="productname">PostgreSQL</span> is
+ enabled at build time (see <a class="xref" href="installation.html" title="Chapter 16. Installation from Source Code">Chapter 16</a>).
+ </p><div class="sect2" id="GSSAPI-SETUP"><div class="titlepage"><div><div><h3 class="title">18.10.1. Basic Setup</h3></div></div></div><p>
+ The <span class="productname">PostgreSQL</span> server will listen for both
+ normal and <acronym class="acronym">GSSAPI</acronym>-encrypted connections on the same TCP
+ port, and will negotiate with any connecting client whether to
+ use <acronym class="acronym">GSSAPI</acronym> for encryption (and for authentication). By
+ default, this decision is up to the client (which means it can be
+ downgraded by an attacker); see <a class="xref" href="auth-pg-hba-conf.html" title="20.1. The pg_hba.conf File">Section 20.1</a> about
+ setting up the server to require the use of <acronym class="acronym">GSSAPI</acronym> for
+ some or all connections.
+ </p><p>
+ When using <acronym class="acronym">GSSAPI</acronym> for encryption, it is common to
+ use <acronym class="acronym">GSSAPI</acronym> for authentication as well, since the
+ underlying mechanism will determine both client and server identities
+ (according to the <acronym class="acronym">GSSAPI</acronym> implementation) in any
+ case. But this is not required;
+ another <span class="productname">PostgreSQL</span> authentication method
+ can be chosen to perform additional verification.
+ </p><p>
+ Other than configuration of the negotiation
+ behavior, <acronym class="acronym">GSSAPI</acronym> encryption requires no setup beyond
+ that which is necessary for GSSAPI authentication. (For more information
+ on configuring that, see <a class="xref" href="gssapi-auth.html" title="20.6. GSSAPI Authentication">Section 20.6</a>.)
+ </p></div></div><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navfooter"><hr></hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ssl-tcp.html" title="18.9. Secure TCP/IP Connections with SSL">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="runtime.html" title="Chapter 18. Server Setup and Operation">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ssh-tunnels.html" title="18.11. Secure TCP/IP Connections with SSH Tunnels">Next</a></td></tr><tr><td width="40%" align="left" valign="top">18.9. Secure TCP/IP Connections with SSL </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="40%" align="right" valign="top"> 18.11. Secure TCP/IP Connections with <span xmlns="http://www.w3.org/1999/xhtml" class="application">SSH</span> Tunnels</td></tr></table></div></body></html> \ No newline at end of file