This patch changes the options field of pg_hba.conf to take name/value
pairs instead of a fixed string. This makes it a lot nicer to deal with
auth methods that need more than one parameter, such as LDAP.
While at it, it also adds map support to kerberos, gssapi and sspi and
not just ident - basically all methods where the username comes from an
outside source (lmk if I missed one).
Also in passing, changes the methods in auth.c to deal with "unsupported
auth method on this platform" errors the same way for all authentication
I intend to build on this patch to support setting some
Kerberos/GSSAPI/SSPI parameters on a per-connection base, but wanted to
get the basics in first.
Obviously, documentation still pending. I'm working on that in parallel.
So, comments? Both in general, and specifically on if we need to do
backwards compatible parsing of LDAP options (doing it of all the other
options would be trivial, but LDAP would be harder)
pgsql-hackers by date
|Next:||From: Tom Lane||Date: 2008-09-30 18:43:26|
|Subject: Re: Block-level CRC checks |
|Previous:||From: Jonah H. Harris||Date: 2008-09-30 18:33:04|
|Subject: Re: Block-level CRC checks|