From f8b3352fbc438581e13ed02e4d93559b4d2016c4 Mon Sep 17 00:00:00 2001
From: Tatsuo Ishii <ishii@postgresql.org>
Date: Fri, 17 Jan 2025 14:22:05 +0900
Subject: [PATCH] Doc: enhance client authentication chapter.

Add intro about pool_passwd. Previously there was only description on
pool_hba.conf in the overview page. A general guide to pool_passwd
will help users to understand this chapter.
---
 doc.ja/src/sgml/client-auth.sgml |  4 ++++
 doc/src/sgml/client-auth.sgml    | 20 ++++++++++++++++++++
 2 files changed, 24 insertions(+)
diff --git a/doc.ja/src/sgml/client-auth.sgml b/doc.ja/src/sgml/client-auth.sgml
index ab5bde966..996cc9f07 100644
--- a/doc.ja/src/sgml/client-auth.sgml
+++ b/doc.ja/src/sgml/client-auth.sgml
@@ -36,6 +36,10 @@
   ãã®ãããã¯ã©ã¤ã¢ã³ããã¹ãã«åºã¥ãèªè¨¼ã®ããã<productname>Pgpool-II</productname>ã¯<literal>pg_hba</literal>ã¨åæ§ã«ã¯ã©ã¤ã¢ã³ãæ¥ç¶ã®èªè¨¼å¦çãè¡ã<literal>pool_hba</literal>ã®ã¡ã«ããºã ãæã£ã¦ãã¾ãã
  </para>
 
+ <para>
+  ã¯ã©ã¤ã¢ã³ãã<productname>Pgpool-II</productname>ã«æ¥ç¶ããéã®èªè¨¼ç¨ã®ãã¹ã¯ã¼ããç®¡çããã®ã<filename>pool_passwd</filename>ãã¡ã¤ã«ã§ãï¼è©³ç´°ã¯<xref linkend="guc-pool-passwd">ããè¦§ãã ããã)<filename>pool_passwd</filename>ã«ç»é²ããããã¹ã¯ã¼ãã¯ã<productname>PostgreSQL</productname>ã«ç»é²ããããã¹ã¯ã¼ãã¨ä¸è´ãã¦ããå¿è¦ãããã¾ãã<productname>PostgreSQL</productname>ã«ç»é²ããããã¹ã¯ã¼ããå¤æ´ãã¦ãã<filename>pool_passwd</filename>ã®ãã¹ã¯ã¼ãã¯èªåå¤æ´ãããªããã¨ã«æ³¨æãã¦ãã ããã<link linkend="auth-scram">scram-shar-256èªè¨¼</link>ã¨<link linkend="auth-md5">MD5èªè¨¼</link>ã§ã¯ã<filename>pool_passwd</filename>ã«ã¦ã¼ã¶åã¨ãã¹ã¯ã¼ããç»é²ããã®ãå¿é ã§ããã<link linkend="auth-password">clear text passwordèªè¨¼</link>ã§ã¯å¿é ã§ã¯ããã¾ããããã®ããã<filename>pool_passwd</filename>ã®ãã¹ã¯ã¼ãã®ä¿å®ãé¿ãããå ´åã«ã¯ã<link linkend="auth-password">clear text passwordèªè¨¼</link>ã®æ¤è¨ããå§ããã¾ãã
+ </para>
+
  <sect1 id="auth-pool-hba-conf">
   <!--
   <title>The <filename>pool_hba.conf</filename> File</title>
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 6441be083..5096c8718 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -30,6 +30,26 @@
   <literal>pool_hba</literal> mechanism similar to the <literal>pg_hba</literal> mechanism for
   authenticating the incoming client connections.
  </para>
+ <para>
+  The <filename>pool_passwd</filename> file manages passwords for
+  authentication used when clients connect
+  to <productname>Pgpool-II</productname>
+  (see <xref linkend="guc-pool-passwd"> for more details). The
+  passwords registered on <filename>pool_passwd</filename> must match
+  with the passwords registered
+  on <productname>PostgreSQL</productname>. Note that passwords
+  changed on <productname>PostgreSQL</productname> are not
+  automatically sync to the passwords
+  on <filename>pool_passwd</filename>. <link linkend="auth-scram">scram-shar-256
+  authentication</link> and <link linkend="auth-md5">MD5
+  authentication</link> require that the user name and the password
+  have been already registered on <filename>pool_passwd</filename>,
+  while <link linkend="auth-password">clear text password
+  authentication</link> does not require that. Therefore, if you want
+  to avoid maintaining the <filename>pool_passwd</filename>, it would
+  be worth to check <link linkend="auth-password">clear text password
+  authentication</link>.
+ </para>
 
  <sect1 id="auth-pool-hba-conf">
   <title>The <filename>pool_hba.conf</filename> File</title>
-- 
2.39.5

