Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] Postgres 8.1.x and MIT Kerberos 5

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Magnus Hagander <mha(at)sollentuna(dot)net>
Cc: Mohan Anon <mohan(dot)anon(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org,pgsql-admin(at)postgresql(dot)org
Subject: Re: [HACKERS] Postgres 8.1.x and MIT Kerberos 5
Date: 2006-02-05 15:51:56
Message-ID: 20060205155156.GA4474@ns.snowman.net (view raw or flat)
Thread:
Lists: pgsql-adminpgsql-hackers
* Magnus Hagander (mha(at)sollentuna(dot)net) wrote:
> The *REALM* is not checked, however. This can cause problems if you have
> a multi-realm system (where the realms already trust each other, because
> the KDC has to give out the service ticket) where you have the same
> username existing in multiple realms representing different users. 

This brings up the issue again that it'd be nice to be able to have what
amounts to a '.k5login' in PostgreSQL somehow.  Ideally, this would be
something an idividual user could set up but at good first step would be
to have something along the lines of pg_ident.conf for Kerberos
connections where the admin could implement a mapping.

We should probably also have a configurable option to check the realm or
to not check the realm.  I'd like to look into doing this for 8.2 but,
as usual, I'm not sure I'll have time.  Anyone else looking into this?

	Thanks,

		Stephen

In response to

pgsql-hackers by date

Next:From: Magnus HaganderDate: 2006-02-05 15:57:08
Subject: Re: [HACKERS] Postgres 8.1.x and MIT Kerberos 5
Previous:From: richardDate: 2006-02-05 14:58:46
Subject: Re: Shared memory and memory context question

pgsql-admin by date

Next:From: Magnus HaganderDate: 2006-02-05 15:57:08
Subject: Re: [HACKERS] Postgres 8.1.x and MIT Kerberos 5
Previous:From: Mario SplivaloDate: 2006-02-05 15:06:35
Subject: Pg 7.4 to 8.1 UTF problems

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group