PQregisterThreadLock().
I also remove the crypt() mention in the libpq threading section and
added a single sentence in the client-auth manual page under crypt().
Crypt authentication is so old now that a separate paragraph about it
seemed unwise.
I also added a comment about our use of locking around pqGetpwuid().
<!--
-$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.83 2005/08/14 23:35:37 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.84 2005/10/24 15:38:36 momjian Exp $
-->
<chapter id="client-authentication">
authentication.
Since the password is sent in clear text over the
network, this should not be used on untrusted networks.
+ It also does not usually work with threaded client applications.
See <xref linkend="auth-password"> for details.
</para>
</listitem>
<!--
-$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.196 2005/10/20 23:57:51 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.197 2005/10/24 15:38:36 momjian Exp $
-->
<chapter id="libpq">
fail if the server does not present a certificate; therefore, to
use this feature the server must also have a <filename>root.crt</> file.
</para>
+
+ <para>
+ If you are using <acronym>SSL</> inside your application (in addition to
+ inside <application>libpq</application>), you can use <function>PQinitSSL(int)</>
+ to tell <application>libpq</application> that the <acronym>SSL</> library
+ has already been initialized by your application.
+ </para>
+
+
</sect1>
</para>
<para>
-<application>libpq</application> applications that use the
-<literal>crypt</literal> authentication method rely on the
-<literal>crypt()</literal> operating system function, which is often
-not thread-safe.<indexterm><primary>crypt</><secondary>thread
-safety</></> It is better to use the <literal>md5</literal> method,
-which is thread-safe on all platforms.
+If you are using Kerberos inside your application (in addition to inside
+<application>libpq</application>), you will need to do locking around
+Kerberos calls because Kerberos functions are not thread-safe. See
+function <function>PQregisterThreadLock</> in the
+<application>libpq</application> source code for a way to do cooperative
+locking between <application>libpq</application> and your application.
</para>
<para>
* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.106 2005/10/17 16:24:20 tgl Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.107 2005/10/24 15:38:37 momjian Exp $
*
*-------------------------------------------------------------------------
*/
struct passwd *pw = NULL;
#endif
+ /*
+ * pglock_thread() really only needs to be called around
+ * pg_krb5_authname(), but some users are using configure
+ * --enable-thread-safety-force, so we might as well do
+ * the locking within our library to protect pqGetpwuid().
+ * In fact, application developers can use getpwuid()
+ * in their application if they use the locking call we
+ * provide, or install their own locking function using
+ * PQregisterThreadLock().
+ */
pglock_thread();
#ifdef KRB5
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.72 2005/10/15 02:49:48 momjian Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.73 2005/10/24 15:38:37 momjian Exp $
*
* NOTES
* [ Most of these notes are wrong/obsolete, but perhaps not all ]
/*
- * Exported (but as yet undocumented) function to allow application to
- * tell us it's already initialized OpenSSL.
+ * Exported function to allow application to tell us it's already
+ * initialized OpenSSL.
*/
void
PQinitSSL(int do_init)
projects / postgresql / commitdiff