Skip site navigation (1) Skip section navigation (2)

Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal

From: Peter Koczan <pjkoczan(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal
Date: 2009-05-28 19:09:42
Message-ID: 4544e0330905281209p4f336605l80e2d57737e49e86@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-bugs
On Thu, May 28, 2009 at 2:07 PM, Peter Koczan <pjkoczan(at)gmail(dot)com> wrote:
> On Thu, May 28, 2009 at 1:30 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> Peter Koczan <pjkoczan(at)gmail(dot)com> writes:
>>> It was rather convenient to know that whatever Kerberos principal was
>>> used was going to be the database user.
>>
>> Isn't that still true?  (Modulo the auth.c bug fix of course.)  The only
>> issue here is where the default guess for a not-explicitly-specified
>> username comes from, not whether you'll be allowed to connect or not.
>
> That's what I meant. It was convenient to have the default guess be
> the Kerberos principal for krb5/gss connections. This is still the
> case in the vast majority of connections, so it's probably not worth
> bending over backwards to satisfy these edge cases.

And by "this is still the case", I mean that the principal name and
the username line up and exhibit the same overt behavior. Not that the
principal forces the username.

I need a break. :-)

Peter

In response to

pgsql-bugs by date

Next:From: alexDate: 2009-05-28 19:32:52
Subject: BUG #4828: Fault a foreign key
Previous:From: Peter KoczanDate: 2009-05-28 19:07:17
Subject: Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group