| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Peter Koczan" <pjkoczan(at)gmail(dot)com> |
| Cc: | pgsql-bugs(at)postgresql(dot)org, Magnus Hagander <magnus(at)hagander(dot)net> |
| Subject: | Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal |
| Date: | 2009-05-26 18:35:54 |
| Message-ID: | 16479.1243362954@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
"Peter Koczan" <pjkoczan(at)gmail(dot)com> writes:
> PostgreSQL version: 8.4beta2
> Description: KRB5/GSSAPI authentication fails when user != principal
> When authenticating with Kerberos/GSSAPI, if the Kerberos principal is not
> the same as the shell user, authentication fails.
> It appears to assume that the shell user is the user to connect as. However,
> using an 8.3 client works as previously expected.
This is an intentional change. It is mentioned in the release notes,
though perhaps not too helpfully:
Make Kerberos connections use the same method to determine the
username of the client as all other authentication methods (Magnus)
Previously a special Kerberos-only API was used.
We should probably at least clarify this release note. Do you want
to make an argument that this is a fundamental breakage and we need
to revert it? If so, what's the argument?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-05-26 20:13:03 | Re: BUG #4817: Dump of 8.3 hstore not restorable to 8.4 (RECHECK) |
| Previous Message | Peter Koczan | 2009-05-26 18:00:20 | BUG #4824: KRB5/GSSAPI authentication fails when user != principal |