From 226bae27b9df67a2564010d7989626630d3b763d Mon Sep 17 00:00:00 2001
From: Bruce Momjian <bruce@momjian.us>
Date: Sat, 16 Aug 2003 23:33:49 +0000
Subject: [PATCH] Add mention that Kerberos 4 isn't recommended.

---
 doc/TODO                      |  4 ++--
 doc/src/sgml/client-auth.sgml | 25 +++++++++++++++----------
 2 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/doc/TODO b/doc/TODO
index d2b7b40a9f..dc52145303 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -1,6 +1,6 @@
 TODO list for PostgreSQL
 ========================
-Last updated:		Tue Aug 12 18:04:15 EDT 2003
+Last updated:		Sat Aug 16 16:51:46 EDT 2003
 
 Current maintainer:	Bruce Momjian (pgman@candle.pha.pa.us)
 
@@ -479,7 +479,7 @@ Source Code
 * Acquire lock on a relation before building a relcache entry for it
 * Research interaction of setitimer() and sleep() used by statement_timeout
 * Add checks for fclose() failure
-* Change CVS $Id: TODO,v 1.1115 2003/08/13 03:12:04 momjian Exp $ to $PostgreSQL: pgsql/doc/TODO,v 1.1115 2003/08/13 03:12:04 momjian Exp $
+* Change CVS $Id: TODO,v 1.1116 2003/08/16 23:33:49 momjian Exp $ to $PostgreSQL: pgsql/doc/TODO,v 1.1116 2003/08/16 23:33:49 momjian Exp $
 * Exit postmaster if postgresql.conf can not be opened
 * Rename /scripts directory because they are all C programs now
 * Allow the regression tests to start postmaster with -i so the tests
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index e6180c762e..6e7cbc92b6 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.53 2003/07/26 13:50:01 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/client-auth.sgml,v 1.54 2003/08/16 23:33:49 momjian Exp $
 -->
 
 <chapter id="client-authentication">
@@ -610,16 +610,21 @@ local   db1,db2,@demodbs  all                                       md5
 
    <para>
     <productname>Kerberos</productname> is an industry-standard secure
-    authentication system suitable for distributed computing over a
-    public network. A description of the
-    <productname>Kerberos</productname> system is far beyond the scope
-    of this document; in all generality it can be quite complex (yet
-    powerful). The <ulink
+    authentication system suitable for distributed computing over a public
+    network. A description of the <productname>Kerberos</productname> system
+    is far beyond the scope of this document; in all generality it can be
+    quite complex (yet powerful). The <ulink
     url="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html">Kerberos
-    <acronym>FAQ</></ulink> or <ulink
-    url="ftp://athena-dist.mit.edu">MIT Project Athena</ulink> can be
-    a good starting point for exploration. Several sources for
-    <productname>Kerberos</> distributions exist.
+    <acronym>FAQ</></ulink> or <ulink url="ftp://athena-dist.mit.edu">MIT
+    Project Athena</ulink> can be a good starting point for exploration.
+    Several sources for <productname>Kerberos</> distributions exist.
+   </para>
+
+   <para>
+    While <productname>PostgreSQL</> supports both Kerberos 4 and 
+    Kerberos 5, only Kerberos 5 is recommended.  Kerberos 4 is
+    considered insecure and no longer recommended for general
+    use.
    </para>
 
    <para>