Skip site navigation (1) Skip section navigation (2)

Re: Postgres 8.1.x and MIT Kerberos 5

From: "Magnus Hagander" <mha(at)sollentuna(dot)net>
To: "Mohan Anon" <mohan(dot)anon(at)gmail(dot)com>
Cc: <pgsql-hackers(at)postgresql(dot)org>, <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Postgres 8.1.x and MIT Kerberos 5
Date: 2006-02-05 12:14:38
Message-ID: 6BCB9D8A16AC4241919521715F4D8BCE92EA3A@algol.sollentuna.se (view raw or flat)
Thread:
Lists: pgsql-adminpgsql-hackers
> Greetings,
>  I was trying to build source build postgres 8.1.x with MIT 
> Kerberos 5 1.4.x implementation.
> The whole thing bombs out. After some digging, I had to hack 
> the autoconf script (configure.in) to properly account for 
> the way the libraries are built for 1.4.x. I don't know 
> whether an earlier post had the same issue. I think it boils 
> down to adding the 'libkrb5support' when all the krb5 libs 
> are checked in the configure script.

(This is better asked in -hackers, I htink, copying there)

What platform is this? I use it with krb5 1.4.3 on Linux (slackware)
without any modifications at all. Perhaps platform specific behaviour? 

The postmaster is linked to libkrb5support, but I only have "-lkrb5" in
my LIBS as generated by configure. However, if I do "ldd" on libkrb5.so
I see that one pulls in libkrb5support.


> On another note, is the kerberos authentication secure, I had 
> searched some old threads, where it was indicated the 
> principal is not checked by the db as a valid user. Is this 
> still the case?

The principal name is definitly checked by the db as a valid user, and
AFAIK it always has been (do you have a reference to where it says it
doesn't?)

The *REALM* is not checked, however. This can cause problems if you have
a multi-realm system (where the realms already trust each other, because
the KDC has to give out the service ticket) where you have the same
username existing in multiple realms representing different users. 

If you're in a single realm, it's definitly secure.

//Magnus

Responses

pgsql-hackers by date

Next:From: richardDate: 2006-02-05 14:03:59
Subject: Shared memory and memory context question
Previous:From: Tom LaneDate: 2006-02-05 05:19:16
Subject: Re: postgresql bug?

pgsql-admin by date

Next:From: Mario SplivaloDate: 2006-02-05 15:06:35
Subject: Pg 7.4 to 8.1 UTF problems
Previous:From: Tom LaneDate: 2006-02-05 03:14:46
Subject: Re: Help

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group