From: | Peter Koczan <pjkoczan(at)gmail(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal |
Date: | 2009-05-28 19:07:17 |
Message-ID: | 4544e0330905281207w7929b16fl16a0eae7709ace3f@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
On Thu, May 28, 2009 at 1:30 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Peter Koczan <pjkoczan(at)gmail(dot)com> writes:
>> It was rather convenient to know that whatever Kerberos principal was
>> used was going to be the database user.
>
> Isn't that still true? (Modulo the auth.c bug fix of course.) The only
> issue here is where the default guess for a not-explicitly-specified
> username comes from, not whether you'll be allowed to connect or not.
That's what I meant. It was convenient to have the default guess be
the Kerberos principal for krb5/gss connections. This is still the
case in the vast majority of connections, so it's probably not worth
bending over backwards to satisfy these edge cases.
Sorry for the confusion.
Peter
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Koczan | 2009-05-28 19:09:42 | Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal |
Previous Message | Silvano de Souza | 2009-05-28 19:00:36 | BUG #4827: install |