Add mention that Kerberos 4 isn't recommended.

226bae27 · Bruce Momjian · edc999b0 · 226bae27 · 226bae27
Commit 226bae27 authored Aug 16, 2003 by Bruce Momjian
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 12 deletions

doc/TODO doc/TODO +2 -2

doc/src/sgml/client-auth.sgml doc/src/sgml/client-auth.sgml +15 -10

No files found.
--- a/doc/TODO
+++ b/doc/TODO
 TODO list for PostgreSQL
 ========================
-Last updated:		Tue Aug 12 18:04:15 EDT 2003
+Last updated:		Sat Aug 16 16:51:46 EDT 2003
 Current maintainer:	Bruce Momjian (pgman@candle.pha.pa.us)
@@ -479,7 +479,7 @@ Source Code
 * Acquire lock on a relation before building a relcache entry for it
 * Research interaction of setitimer() and sleep() used by statement_timeout
 * Add checks for fclose() failure
-* Change CVS $Id: TODO,v 1.1115 2003/08/13 03:12:04 momjian Exp $ to $PostgreSQL: pgsql/doc/TODO,v 1.1115 2003/08/13 03:12:04 momjian Exp $
+* Change CVS $Id: TODO,v 1.1116 2003/08/16 23:33:49 momjian Exp $ to $PostgreSQL: pgsql/doc/TODO,v 1.1116 2003/08/16 23:33:49 momjian Exp $
 * Exit postmaster if postgresql.conf can not be opened
 * Rename /scripts directory because they are all C programs now
 * Allow the regression tests to start postmaster with -i so the tests

--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.53 2003/07/26 13:50:01 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.54 2003/08/16 23:33:49 momjian Exp $
 -->
 <chapter id="client-authentication">
@@ -610,16 +610,21 @@ local   db1,db2,@demodbs  all                                       md5
   <para>
    <productname>Kerberos</productname> is an industry-standard secure
-    authentication system suitable for distributed computing over a
+    authentication system suitable for distributed computing over a public
-    public network. A description of the
+    network. A description of the <productname>Kerberos</productname> system
-    <productname>Kerberos</productname> system is far beyond the scope
+    is far beyond the scope of this document; in all generality it can be
-    of this document; in all generality it can be quite complex (yet
+    quite complex (yet powerful). The <ulink
-    powerful). The <ulink
    url="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html">Kerberos
-    <acronym>FAQ</></ulink> or <ulink
+    <acronym>FAQ</></ulink> or <ulink url="ftp://athena-dist.mit.edu">MIT
-    url="ftp://athena-dist.mit.edu">MIT Project Athena</ulink> can be
+    Project Athena</ulink> can be a good starting point for exploration.
-    a good starting point for exploration. Several sources for
+    Several sources for <productname>Kerberos</> distributions exist.
-    <productname>Kerberos</> distributions exist.
+   </para>
+   <para>
+    While <productname>PostgreSQL</> supports both Kerberos 4 and 
+    Kerberos 5, only Kerberos 5 is recommended.  Kerberos 4 is
+    considered insecure and no longer recommended for general
+    use.
   </para>
   <para>