Bill Studenmund <wrstuden(at)netbsd(dot)org> writes:
> Attached please find a patch to make Postgres compile with Heimdal krb5
> support. This patch adds a new option, --with-heimdal. "--with-krb5" now
> implies MIT krb5 support.
Couldn't we do this in a way that doesn't require a user configure switch?
--- src/backend/libpq/auth.c 2001/10/28 06:25:44 1.71
+++ src/backend/libpq/auth.c 2001/11/12 22:32:00
@@ -229,7 +229,7 @@
" Kerberos error %d\n", retval);
"while getting server principal for service %s",
This change seems like a step backwards.
@@ -283,8 +283,13 @@
* I have no idea why this is considered necessary.
retval = krb5_unparse_name(pg_krb5_context,
+ retval = krb5_unparse_name(pg_krb5_context,
+ ticket->client, &kusername);
If this is the only code change needed, couldn't we dispense with it
somehow? I notice that the previous authors of this code had grave
doubts about comparing the username at all. I don't know much about
Kerberos' security model --- is the fact that we got a ticket sufficient
authentication, and if not why not?
regards, tom lane
In response to
pgsql-patches by date
|Next:||From: Bill Studenmund||Date: 2001-11-13 00:03:51|
|Subject: Re: Patch to add Heimdal kerberos support |
|Previous:||From: Hiroshi Inoue||Date: 2001-11-12 23:48:03|
|Subject: Re: ALTER TABLE RENAME fix|