postgresql/src/backend/libpq
Heikki Linnakangas 7c45e3a3c6 Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format.
Similar changes were done to pg_hba.conf earlier already, this commit makes
pg_ident.conf to behave the same as pg_hba.conf.

This has two user-visible effects. First, if pg_ident.conf contains multiple
errors, the whole file is parsed at postmaster startup time and all the
errors are immediately reported. Before this patch, the file was parsed and
the errors were reported only when someone tries to connect using an
authentication method that uses the file, and the parsing stopped on first
error. Second, if you SIGHUP to reload the config files, and the new
pg_ident.conf file contains an error, the error is logged but the old file
stays in effect.

Also, regular expressions in pg_ident.conf are now compiled only once when
the file is loaded, rather than every time the a user is authenticated. That
should speed up authentication if you have a lot of regexps in the file.

Amit Kapila
2012-09-21 17:54:39 +03:00
..
auth.c Remove duplicate, unnecessary, variable declaration 2012-07-04 16:17:30 +02:00
be-fsstubs.c Clean up compiler warnings from unused variables with asserts disabled 2012-03-21 23:33:10 +02:00
be-secure.c Remove unreachable code 2012-07-16 22:15:03 +03:00
crypt.c Remove useless cast 2012-02-26 15:31:16 +02:00
hba.c Parse pg_ident.conf when it's loaded, keeping it in memory in parsed format. 2012-09-21 17:54:39 +03:00
ip.c Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
Makefile Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
md5.c Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
pg_hba.conf.sample initdb: Add options --auth-local and --auth-host 2012-02-01 21:18:55 +02:00
pg_ident.conf.sample Reformat the comments in pg_hba.conf and pg_ident.conf 2010-01-26 06:58:39 +00:00
pqcomm.c Support having multiple Unix-domain sockets per postmaster. 2012-08-10 17:27:15 -04:00
pqformat.c Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
pqsignal.c Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
README.SSL Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00

src/backend/libpq/README.SSL

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup





>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------