On Thu, May 28, 2009 at 2:07 PM, Peter Koczan <pjkoczan(at)gmail(dot)com> wrote:
> On Thu, May 28, 2009 at 1:30 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> Peter Koczan <pjkoczan(at)gmail(dot)com> writes:
>>> It was rather convenient to know that whatever Kerberos principal was
>>> used was going to be the database user.
>> Isn't that still true? (Modulo the auth.c bug fix of course.) The only
>> issue here is where the default guess for a not-explicitly-specified
>> username comes from, not whether you'll be allowed to connect or not.
> That's what I meant. It was convenient to have the default guess be
> the Kerberos principal for krb5/gss connections. This is still the
> case in the vast majority of connections, so it's probably not worth
> bending over backwards to satisfy these edge cases.
And by "this is still the case", I mean that the principal name and
the username line up and exhibit the same overt behavior. Not that the
principal forces the username.
I need a break. :-)
In response to
pgsql-bugs by date
|Next:||From: alex||Date: 2009-05-28 19:32:52|
|Subject: BUG #4828: Fault a foreign key|
|Previous:||From: Peter Koczan||Date: 2009-05-28 19:07:17|
|Subject: Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal|