sysdb(1), sysdbd(1): Document client authentication.

diff --git a/doc/Makefile.am b/doc/Makefile.am
index af7962b02f341a184164af81b2c49f9a41762cf7..b795d62e0ae752a003d873264e89723187a750ee 100644 (file)
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -9,6 +9,7 @@ EXTRA_DIST = \
                sysdb.1.txt \
                sysdbd.1.txt \
                sysdbd.conf.5.txt \
+               sysdb-auth.txt \
                sysdb-description.txt \
                sysdbd-cname-dns.5.txt \
                sysdbd-collectd-unixsock.5.txt \
@@ -93,8 +94,8 @@ ADOC_FLAGS = \
 
 MAN_DEPS = asciidoc.conf ../version
 
-sysdb.1.xml: sysdb.1.txt $(MAN_DEPS)
-sysdbd.1.xml: sysdbd.1.txt $(MAN_DEPS)
+sysdb.1.xml: sysdb.1.txt sysdb-auth.txt $(MAN_DEPS)
+sysdbd.1.xml: sysdbd.1.txt sysdb-auth.txt $(MAN_DEPS)
 sysdbd.conf.5.xml: sysdbd.conf.5.txt $(MAN_DEPS)
 sysdbd-cname-dns.5.xml: sysdbd-cname-dns.5.txt $(MAN_DEPS)
 sysdbd-collectd-unixsock.5.xml: sysdbd-collectd-unixsock.5.txt $(MAN_DEPS)
@@ -119,8 +120,8 @@ sysdbd-timeseries-rrdtool.5: sysdbd-timeseries-rrdtool.5.xml
 sysdb.7: sysdb.7.xml
 sysdbql.7: sysdbql.7.xml
 
-sysdb.1.html: sysdb.1.txt $(MAN_DEPS)
-sysdbd.1.html: sysdbd.1.txt $(MAN_DEPS)
+sysdb.1.html: sysdb.1.txt sysdb-auth.txt $(MAN_DEPS)
+sysdbd.1.html: sysdbd.1.txt sysdb-auth.txt $(MAN_DEPS)
 sysdbd.conf.5.html: sysdbd.conf.5.txt $(MAN_DEPS)
 sysdbd-cname-dns.5.html: sysdbd-cname-dns.5.txt $(MAN_DEPS)
 sysdbd-collectd-unixsock.5.html: sysdbd-collectd-unixsock.5.txt $(MAN_DEPS)
@@ -129,8 +130,8 @@ sysdbd-mk-livestatus.5.html: sysdbd-mk-livestatus.5.txt $(MAN_DEPS)
 sysdbd-puppet-store-configs.5.html: sysdbd-puppet-store-configs.5.txt $(MAN_DEPS)
 sysdbd-syslog.5.html: sysdbd-syslog.5.txt $(MAN_DEPS)
 sysdbd-timeseries-rrdtool.5.html: sysdbd-timeseries-rrdtool.5.txt $(MAN_DEPS)
-sysdb.7.html: sysdb.7.txt sysdb-description.txt $(MAN_DEPS)
-sysdbql.7.html: sysdbql.7.txt sysdb-description.txt $(MAN_DEPS)
+sysdb.7.html: sysdb.7.txt sysdb-auth.txt sysdb-description.txt $(MAN_DEPS)
+sysdbql.7.html: sysdbql.7.txt sysdb-auth.txt sysdb-description.txt $(MAN_DEPS)
 
 html-local: $(html_DATA)
 install-html-local: install-htmlDATA

diff --git a/doc/sysdb-auth.txt b/doc/sysdb-auth.txt
new file mode 100644 (file)
index 0000000..2105f9b
--- /dev/null
+++ b/doc/sysdb-auth.txt
@@ -0,0 +1,18 @@
+SysDB requires all client connections to a database server to be
+authenticated. The following authentication mechanism are supported at this
+time:
+
+*Peer authentication for UNIX domain socket connections*::
+       Connections via UNIX domain sockets are authenticated by obtaining the
+       client's operating system user name from the kernel. The name has to match
+       the username used to connect to the server.
+
+*SSL certificate authentication for TCP connection*::
+       SSL client certificates will be used to authenticate TCP connections. The
+       'cn' (common name) attribute of the certificate has to match the username
+       used to connect to the server.
+       Note that full client and server verification is currently enforced on all
+       TCP connections.
+
+// vim: set tw=78 sw=4 ts=4 noexpandtab spell spelllang=en_us :
+

diff --git a/doc/sysdb.1.txt b/doc/sysdb.1.txt
index 33a561d8b2aff502cabe91ca09b56161809b92ac..ce73dbe0fe86117320c1e9313a2466b750c3db5c 100644 (file)
--- a/doc/sysdb.1.txt
+++ b/doc/sysdb.1.txt
@@ -61,6 +61,11 @@ General options:
 *-V*::
        Display the version number and copyright information.
 
+AUTHENTICATION
+--------------
+
+include::sysdb-auth.txt[]
+
 EXIT CODES
 ----------
 *0*::

diff --git a/doc/sysdbd.1.txt b/doc/sysdbd.1.txt
index 443927f1c6035bc93c01f0c2a1302842b20b1d4a..6bf4b96ed5ab0d6598282f14bffc9c588c801fba 100644 (file)
--- a/doc/sysdbd.1.txt
+++ b/doc/sysdbd.1.txt
@@ -41,6 +41,11 @@ OPTIONS
 *-V*::
        Display the version number and copyright information.
 
+CLIENT AUTHENTICATION
+---------------------
+
+include::sysdb-auth.txt[]
+
 FILES
 -----