diff options
Diffstat (limited to 'doc/src/sgml/client-auth.sgml')
-rw-r--r-- | doc/src/sgml/client-auth.sgml | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index 740ae77..7db407e 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -662,7 +662,7 @@ include_dir <replaceable>directory</replaceable> entire <literal>Distinguished Name (DN)</literal> of the certificate. This option is probably best used in conjunction with a username map. The comparison is done with the <literal>DN</literal> in - <ulink url="https://tools.ietf.org/html/rfc2253">RFC 2253</ulink> + <ulink url="https://datatracker.ietf.org/doc/html/rfc2253">RFC 2253</ulink> format. To see the <literal>DN</literal> of a client certificate in this format, do <programlisting> @@ -943,8 +943,8 @@ local db1,db2,@demodbs all md5 external authentication system with the database user name that the user has requested to connect as. The value <literal>all</literal> can be used as the <replaceable>database-username</replaceable> to specify - that if the <replaceable>system-user</replaceable> matches, then this user - is allowed to log in as any of the existing database users. Quoting + that if the <replaceable>system-username</replaceable> matches, then this + user is allowed to log in as any of the existing database users. Quoting <literal>all</literal> makes the keyword lose its special meaning. </para> <para> @@ -1089,7 +1089,7 @@ omicron bryanh guest1 <para> <link linkend="auth-ident">Ident authentication</link>, which relies on an <quote>Identification Protocol</quote> - (<ulink url="https://tools.ietf.org/html/rfc1413">RFC 1413</ulink>) + (<ulink url="https://datatracker.ietf.org/doc/html/rfc1413">RFC 1413</ulink>) service on the client's machine. (On local Unix-socket connections, this is treated as peer authentication.) </para> @@ -1228,7 +1228,7 @@ omicron bryanh guest1 <para> The method <literal>scram-sha-256</literal> performs SCRAM-SHA-256 authentication, as described in - <ulink url="https://tools.ietf.org/html/rfc7677">RFC 7677</ulink>. It + <ulink url="https://datatracker.ietf.org/doc/html/rfc7677">RFC 7677</ulink>. It is a challenge-response scheme that prevents password sniffing on untrusted connections and supports storing passwords on the server in a cryptographically hashed form that is thought to be secure. @@ -1340,7 +1340,7 @@ omicron bryanh guest1 <para> <productname>GSSAPI</productname> is an industry-standard protocol for secure authentication defined in - <ulink url="https://tools.ietf.org/html/rfc2743">RFC 2743</ulink>. + <ulink url="https://datatracker.ietf.org/doc/html/rfc2743">RFC 2743</ulink>. <productname>PostgreSQL</productname> supports <productname>GSSAPI</productname> for authentication, communications encryption, or both. @@ -1655,7 +1655,7 @@ omicron bryanh guest1 <para> The <quote>Identification Protocol</quote> is described in - <ulink url="https://tools.ietf.org/html/rfc1413">RFC 1413</ulink>. + <ulink url="https://datatracker.ietf.org/doc/html/rfc1413">RFC 1413</ulink>. Virtually every Unix-like operating system ships with an ident server that listens on TCP port 113 by default. The basic functionality of an ident server @@ -1824,7 +1824,7 @@ omicron bryanh guest1 <para> Set to 1 to make the connection between PostgreSQL and the LDAP server use TLS encryption. This uses the <literal>StartTLS</literal> - operation per <ulink url="https://tools.ietf.org/html/rfc4513">RFC 4513</ulink>. + operation per <ulink url="https://datatracker.ietf.org/doc/html/rfc4513">RFC 4513</ulink>. See also the <literal>ldapscheme</literal> option for an alternative. </para> </listitem> @@ -1919,7 +1919,7 @@ omicron bryanh guest1 <term><literal>ldapurl</literal></term> <listitem> <para> - An <ulink url="https://tools.ietf.org/html/rfc4516">RFC 4516</ulink> + An <ulink url="https://datatracker.ietf.org/doc/html/rfc4516">RFC 4516</ulink> LDAP URL. This is an alternative way to write some of the other LDAP options in a more compact and standard form. The format is <synopsis> @@ -1982,7 +1982,7 @@ ldap[s]://<replaceable>host</replaceable>[:<replaceable>port</replaceable>]/<rep <productname>OpenLDAP</productname> as the LDAP client library, the <literal>ldapserver</literal> setting may be omitted. In that case, a list of host names and ports is looked up via - <ulink url="https://tools.ietf.org/html/rfc2782">RFC 2782</ulink> DNS SRV records. + <ulink url="https://datatracker.ietf.org/doc/html/rfc2782">RFC 2782</ulink> DNS SRV records. The name <literal>_ldap._tcp.DOMAIN</literal> is looked up, where <literal>DOMAIN</literal> is extracted from <literal>ldapbasedn</literal>. </para> |