Re: Patch to add Heimdal kerberos support

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bill Studenmund <wrstuden(at)netbsd(dot)org>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: Patch to add Heimdal kerberos support
Date: 2001-11-13 00:14:05
Message-ID: 29385.1005610445@sss.pgh.pa.us
Lists: pgsql-patches
Bill Studenmund <wrstuden(at)netbsd(dot)org> writes:
> I think the point is this test and the code after it makes sure that your
> kerberos and your postgres usernames match. I think that's VERY important.
> Otherwise I could log into kerberos as wrstuden and access postgres as
> user tgl. That seems BAD to me. :-)

Well, it's not clear to me.  Where did the ticket come from?  Perhaps
we've already determined that you are who you say you are just by being
able to acquire the ticket.  Even more to the point are the comments in
front of the pg_an_to_ln subroutine: sure, we may be comparing against
*something* extracted from the ticket, but it's not at all clear that
it's a username.  Seems like there's lots of potential for BADness in
that.

			regards, tom lane