Add missing documentation for SSPI packets.

6ca2f848 · Magnus Hagander · 57da4cca · 6ca2f848
Commit 6ca2f848 authored Dec 03, 2007 by Magnus Hagander
Show whitespace changes
Inline Side-by-side

Showing with 62 additions and 6 deletions

doc/src/sgml/protocol.sgml doc/src/sgml/protocol.sgml +62 -6

No files found.
--- a/doc/src/sgml/protocol.sgml
+++ b/doc/src/sgml/protocol.sgml
-<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.68 2007/07/18 12:00:47 mha Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.69 2007/12/03 13:40:11 mha Exp $ -->
 <chapter id="protocol">
 <title>Frontend/Backend Protocol</title>
@@ -230,10 +230,10 @@
    The server then sends an appropriate authentication request message,
    to which the frontend must reply with an appropriate authentication
    response message (such as a password).
-    For all authentication methods except GSSAPI, there is at most
+    For all authentication methods except GSSAPI and SSPI, there is at most
    one request and one response. In some methods, no response
    at all is needed from the frontend, and so no authentication request
-    occurs. For GSSAPI, multiple iterations of packets may be needed to 
+    occurs. For GSSAPI and SSPI, multiple iterations of packets may be needed to 
    complete the authentication.
   </para>
@@ -344,13 +344,26 @@
      </listitem>
     </varlistentry>
+     <varlistentry>
+      <term>AuthenticationSSPI</term>
+      <listitem>
+       <para>
+        The frontend must now initiate a SSPI negotiation. The frontend
+        will send a PasswordMessage with the first part of the SSPI
+        data stream in response to this. If further messages are needed,
+        the server will respond with AuthenticationGSSContinue.
+       </para>
+      </listitem>
+     </varlistentry>
     <varlistentry>
      <term>AuthenticationGSSContinue</term>
      <listitem>
       <para>
        This message contains the response data from the previous step
-        of GSSAPI negotiation (AuthenticationGSS or a previous
+        of GSSAPI or SSPI negotiation (AuthenticationGSS, AuthenticationSSPI
-        AuthenticationGSSContinue). If the GSSAPI data in this message
+        or a previous AuthenticationGSSContinue). If the GSSAPI 
+        or SSPI data in this message
        indicates more data is needed to complete the authentication,
        the frontend must send this data as another PasswordMessage. If
        GSSAPI authentication is completed by this message, the server
@@ -1706,6 +1719,49 @@ AuthenticationGSS (B)
 </varlistentry>
+<varlistentry>
+<term>
+AuthenticationSSPI (B)
+</term>
+<listitem>
+<para>
+<variablelist>
+<varlistentry>
+<term>
+        Byte1('R')
+</term>
+<listitem>
+<para>
+                Identifies the message as an authentication request.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>
+        Int32(8)
+</term>
+<listitem>
+<para>
+                Length of message contents in bytes, including self.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>
+        Int32(9)
+</term>
+<listitem>
+<para>
+                Specifies that SSPI authentication is required.
+</para>
+</listitem>
+</varlistentry>
+</variablelist>
+</para>
+</listitem>
+</varlistentry>
 <varlistentry>
 <term>
 AuthenticationGSSContinue (B)
@@ -1750,7 +1806,7 @@ AuthenticationGSSContinue (B)
 </term>
 <listitem>
 <para>
-                GSSAPI authentication data.
+                GSSAPI or SSPI authentication data.
 </para>
 </listitem>
 </varlistentry>