Skip site navigation (1) Skip section navigation (2)

Re: [HACKERS] Postgres 8.1.x and MIT Kerberos 5

From: "Magnus Hagander" <mha(at)sollentuna(dot)net>
To: "Stephen Frost" <sfrost(at)snowman(dot)net>
Cc: "Mohan Anon" <mohan(dot)anon(at)gmail(dot)com>,<pgsql-hackers(at)postgresql(dot)org>, <pgsql-admin(at)postgresql(dot)org>
Subject: Re: [HACKERS] Postgres 8.1.x and MIT Kerberos 5
Date: 2006-02-05 15:57:08
Message-ID: 6BCB9D8A16AC4241919521715F4D8BCE92EA40@algol.sollentuna.se (view raw or flat)
Thread:
Lists: pgsql-adminpgsql-hackers
> > The *REALM* is not checked, however. This can cause problems if you 
> > have a multi-realm system (where the realms already trust 
> each other, 
> > because the KDC has to give out the service ticket) where 
> you have the 
> > same username existing in multiple realms representing 
> different users.
> 
> This brings up the issue again that it'd be nice to be able 
> to have what amounts to a '.k5login' in PostgreSQL somehow.  
> Ideally, this would be something an idividual user could set 
> up but at good first step would be to have something along 
> the lines of pg_ident.conf for Kerberos connections where the 
> admin could implement a mapping.
> 
> We should probably also have a configurable option to check 
> the realm or to not check the realm.  I'd like to look into 
> doing this for 8.2 but, as usual, I'm not sure I'll have 
> time.  Anyone else looking into this?

They're both on my personal TODO (not .k5login, but a
pg_ident-kind-of-mapping), but with the same disclaimer as you - I don't
know if I'll have enough time.

//Magnus

pgsql-hackers by date

Next:From: Tom LaneDate: 2006-02-05 16:02:47
Subject: Re: drop if exists remainder
Previous:From: Stephen FrostDate: 2006-02-05 15:51:56
Subject: Re: [HACKERS] Postgres 8.1.x and MIT Kerberos 5

pgsql-admin by date

Next:From: lrotgerDate: 2006-02-06 10:05:05
Subject: Actual expression of a constraint
Previous:From: Stephen FrostDate: 2006-02-05 15:51:56
Subject: Re: [HACKERS] Postgres 8.1.x and MIT Kerberos 5

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group