Skip site navigation (1) Skip section navigation (2)

Re: pg_hba options parsing

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pg_hba options parsing
Date: 2008-10-11 17:12:43
Message-ID: 48F0DE8B.8030004@hagander.net (view raw or flat)
Thread:
Lists: pgsql-hackers
Magnus Hagander wrote:
> This patch changes the options field of pg_hba.conf to take name/value
> pairs instead of a fixed string. This makes it a lot nicer to deal with
> auth methods that need more than one parameter, such as LDAP.
> 
> While at it, it also adds map support to kerberos, gssapi and sspi and
> not just ident - basically all methods where the username comes from an
> outside source (lmk if I missed one).
> 
> Also in passing, changes the methods in auth.c to deal with "unsupported
> auth method on this platform" errors the same way for all authentication
> methods.
> 
> I intend to build on this patch to support setting some
> Kerberos/GSSAPI/SSPI parameters on a per-connection base, but wanted to
> get the basics in first.
> 
> Obviously, documentation still pending. I'm working on that in parallel.
> 
> 
> So, comments? Both in general, and specifically on if we need to do
> backwards compatible parsing of LDAP options (doing it of all the other
> options would be trivial, but LDAP would be harder)

Updated version of this patch, now with doc changes.

//Magnus


Attachment: hba_options.patch
Description: text/x-diff (50.7 KB)

In response to

pgsql-hackers by date

Next:From: Pavel StehuleDate: 2008-10-11 17:55:44
Subject: Re: patch: array_ndims
Previous:From: dpageDate: 2008-10-11 16:43:58
Subject: Re: About postgresql8.3.3 build in MS VS2005

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group