X-Git-Url: https://git.tokkee.org/?p=sysdb.git;a=blobdiff_plain;f=doc%2Fsysdb-auth.txt;fp=doc%2Fsysdb-auth.txt;h=2105f9bb96bb464907909019ed99fda512bc37bb;hp=0000000000000000000000000000000000000000;hb=2a77f65fe90397f95f6f83fa394e7c1ee304b09e;hpb=789753071f0628ba111a12a87b701c74cfbf43f3

diff --git a/doc/sysdb-auth.txt b/doc/sysdb-auth.txt
new file mode 100644
index 0000000..2105f9b
--- /dev/null
+++ b/doc/sysdb-auth.txt
@@ -0,0 +1,18 @@
+SysDB requires all client connections to a database server to be
+authenticated. The following authentication mechanism are supported at this
+time:
+
+*Peer authentication for UNIX domain socket connections*::
+	Connections via UNIX domain sockets are authenticated by obtaining the
+	client's operating system user name from the kernel. The name has to match
+	the username used to connect to the server.
+
+*SSL certificate authentication for TCP connection*::
+	SSL client certificates will be used to authenticate TCP connections. The
+	'cn' (common name) attribute of the certificate has to match the username
+	used to connect to the server.
+	Note that full client and server verification is currently enforced on all
+	TCP connections.
+
+// vim: set tw=78 sw=4 ts=4 noexpandtab spell spelllang=en_us :
+