On Tue, Jul 21, 2009 at 16:06, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> On Tue, Jul 21, 2009 at 15:58, Tom Lane<tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>> Are you not describing a behavior that you yourself removed in 8.4,
>>> ie the libpq code that looked aside at Kerberos for a username?
>> Yes, partially I am :-)
>> But it was not documented, and done in a fairly hackish way. If we
>> want it, it should work the same for *all* external authentication
>> methods (where it would be possible).
> Well, the problem with it of course was that it happened even when the
> selected auth method was not Kerberos.
That was the core problem, yes. IIRC there were some other minor
issues with it as well.
>> Doing it on the client presents a certain challenge
> Yup, you would need a protocol change that would allow the client to
> change its mind about what the username was after it got the auth
> challenge. And then what effects does that have on username-sensitive
> pg_hba.conf decisions? We go back and change our minds about the
> challenge type, perhaps? The whole thing seems like a nonstarter to me.
"challenge type"? Not sure I understand what you are referring to here.
In response to
pgsql-hackers by date
|Next:||From: Andreas Wenk||Date: 2009-07-22 10:45:45|
|Subject: Re: psql - small fix in \du|
|Previous:||From: Laurent Laborde||Date: 2009-07-22 08:54:02|
|Subject: Re: Higher TOAST compression.|