summaryrefslogtreecommitdiffstats
path: root/doc/src/sgml/client-auth.sgml
diff options
context:
space:
mode:
Diffstat (limited to 'doc/src/sgml/client-auth.sgml')
-rw-r--r--doc/src/sgml/client-auth.sgml20
1 files changed, 10 insertions, 10 deletions
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 740ae77..7db407e 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -662,7 +662,7 @@ include_dir <replaceable>directory</replaceable>
entire <literal>Distinguished Name (DN)</literal> of the certificate.
This option is probably best used in conjunction with a username map.
The comparison is done with the <literal>DN</literal> in
- <ulink url="https://tools.ietf.org/html/rfc2253">RFC 2253</ulink>
+ <ulink url="https://datatracker.ietf.org/doc/html/rfc2253">RFC 2253</ulink>
format. To see the <literal>DN</literal> of a client certificate
in this format, do
<programlisting>
@@ -943,8 +943,8 @@ local db1,db2,@demodbs all md5
external authentication system with the database user name that the
user has requested to connect as. The value <literal>all</literal>
can be used as the <replaceable>database-username</replaceable> to specify
- that if the <replaceable>system-user</replaceable> matches, then this user
- is allowed to log in as any of the existing database users. Quoting
+ that if the <replaceable>system-username</replaceable> matches, then this
+ user is allowed to log in as any of the existing database users. Quoting
<literal>all</literal> makes the keyword lose its special meaning.
</para>
<para>
@@ -1089,7 +1089,7 @@ omicron bryanh guest1
<para>
<link linkend="auth-ident">Ident authentication</link>, which
relies on an <quote>Identification Protocol</quote>
- (<ulink url="https://tools.ietf.org/html/rfc1413">RFC 1413</ulink>)
+ (<ulink url="https://datatracker.ietf.org/doc/html/rfc1413">RFC 1413</ulink>)
service on the client's machine. (On local Unix-socket connections,
this is treated as peer authentication.)
</para>
@@ -1228,7 +1228,7 @@ omicron bryanh guest1
<para>
The method <literal>scram-sha-256</literal> performs SCRAM-SHA-256
authentication, as described in
- <ulink url="https://tools.ietf.org/html/rfc7677">RFC 7677</ulink>. It
+ <ulink url="https://datatracker.ietf.org/doc/html/rfc7677">RFC 7677</ulink>. It
is a challenge-response scheme that prevents password sniffing on
untrusted connections and supports storing passwords on the server in a
cryptographically hashed form that is thought to be secure.
@@ -1340,7 +1340,7 @@ omicron bryanh guest1
<para>
<productname>GSSAPI</productname> is an industry-standard protocol
for secure authentication defined in
- <ulink url="https://tools.ietf.org/html/rfc2743">RFC 2743</ulink>.
+ <ulink url="https://datatracker.ietf.org/doc/html/rfc2743">RFC 2743</ulink>.
<productname>PostgreSQL</productname>
supports <productname>GSSAPI</productname> for authentication,
communications encryption, or both.
@@ -1655,7 +1655,7 @@ omicron bryanh guest1
<para>
The <quote>Identification Protocol</quote> is described in
- <ulink url="https://tools.ietf.org/html/rfc1413">RFC 1413</ulink>.
+ <ulink url="https://datatracker.ietf.org/doc/html/rfc1413">RFC 1413</ulink>.
Virtually every Unix-like
operating system ships with an ident server that listens on TCP
port 113 by default. The basic functionality of an ident server
@@ -1824,7 +1824,7 @@ omicron bryanh guest1
<para>
Set to 1 to make the connection between PostgreSQL and the LDAP server
use TLS encryption. This uses the <literal>StartTLS</literal>
- operation per <ulink url="https://tools.ietf.org/html/rfc4513">RFC 4513</ulink>.
+ operation per <ulink url="https://datatracker.ietf.org/doc/html/rfc4513">RFC 4513</ulink>.
See also the <literal>ldapscheme</literal> option for an alternative.
</para>
</listitem>
@@ -1919,7 +1919,7 @@ omicron bryanh guest1
<term><literal>ldapurl</literal></term>
<listitem>
<para>
- An <ulink url="https://tools.ietf.org/html/rfc4516">RFC 4516</ulink>
+ An <ulink url="https://datatracker.ietf.org/doc/html/rfc4516">RFC 4516</ulink>
LDAP URL. This is an alternative way to write some of the
other LDAP options in a more compact and standard form. The format is
<synopsis>
@@ -1982,7 +1982,7 @@ ldap[s]://<replaceable>host</replaceable>[:<replaceable>port</replaceable>]/<rep
<productname>OpenLDAP</productname> as the LDAP client library, the
<literal>ldapserver</literal> setting may be omitted. In that case, a
list of host names and ports is looked up via
- <ulink url="https://tools.ietf.org/html/rfc2782">RFC 2782</ulink> DNS SRV records.
+ <ulink url="https://datatracker.ietf.org/doc/html/rfc2782">RFC 2782</ulink> DNS SRV records.
The name <literal>_ldap._tcp.DOMAIN</literal> is looked up, where
<literal>DOMAIN</literal> is extracted from <literal>ldapbasedn</literal>.
</para>