Index: doc/src/sgml/runtime.sgml
===================================================================
RCS file: postgresql-8.0.0rc3/doc/src/sgml/runtime.sgml,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- doc/src/sgml/runtime.sgml 26 Dec 2004 23:06:56 -0000 1.1.1.1
+++ doc/src/sgml/runtime.sgml 3 Jan 2005 23:18:44 -0000 1.2
@@ -952,6 +952,20 @@
+
+ krb_server_hostname (string)
+
+ krb_server_hostname configuration parameter
+
+
+
+ Sets the hostname that service tickets will be obtained against
+ (the default is any accept any service principal in the keytab)
+ for details.
+
+
+
+
db_user_namespace (boolean)
Index: src/backend/libpq/auth.c
===================================================================
RCS file: postgresql-8.0.0rc3/src/backend/libpq/auth.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 auth.c
--- src/backend/libpq/auth.c 31 Dec 2004 21:59:50 -0000 1.1.1.1
+++ src/backend/libpq/auth.c 4 Jan 2005 12:09:45 -0000
@@ -41,6 +41,7 @@
static int recv_and_check_password_packet(Port *port);
char *pg_krb_server_keyfile;
+char *pg_krb_server_hostname = NULL;
#ifdef USE_PAM
#ifdef HAVE_PAM_PAM_APPL_H
@@ -215,19 +216,24 @@
return STATUS_ERROR;
}
- retval = krb5_sname_to_principal(pg_krb5_context, NULL, PG_KRB_SRVNAM,
- KRB5_NT_SRV_HST, &pg_krb5_server);
- if (retval)
- {
- ereport(LOG,
- (errmsg("Kerberos sname_to_principal(\"%s\") returned error %d",
- PG_KRB_SRVNAM, retval)));
- com_err("postgres", retval,
- "while getting server principal for service \"%s\"",
- PG_KRB_SRVNAM);
- krb5_kt_close(pg_krb5_context, pg_krb5_keytab);
- krb5_free_context(pg_krb5_context);
- return STATUS_ERROR;
+ if(pg_krb_server_hostname) {
+ retval = krb5_sname_to_principal(pg_krb5_context,
+ pg_krb_server_hostname, PG_KRB_SRVNAM,
+ KRB5_NT_SRV_HST, &pg_krb5_server);
+ if (retval)
+ {
+ ereport(LOG,
+ (errmsg("Kerberos sname_to_principal(\"%s\") returned error %d",
+ PG_KRB_SRVNAM, retval)));
+ com_err("postgres", retval,
+ "while getting server principal for service \"%s\"",
+ PG_KRB_SRVNAM);
+ krb5_kt_close(pg_krb5_context, pg_krb5_keytab);
+ krb5_free_context(pg_krb5_context);
+ return STATUS_ERROR;
+ }
+ } else {
+ pg_krb5_server = NULL;
}
pg_krb5_initialised = 1;
Index: src/backend/utils/misc/guc.c
===================================================================
RCS file: postgresql-8.0.0rc3/src/backend/utils/misc/guc.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- src/backend/utils/misc/guc.c 20 Dec 2004 18:15:07 -0000 1.1.1.1
+++ src/backend/utils/misc/guc.c 3 Jan 2005 14:59:45 -0000 1.2
@@ -1546,6 +1546,15 @@
},
{
+ {"krb_server_hostname", PGC_POSTMASTER, CONN_AUTH_SECURITY,
+ gettext_noop("Sets the hostname of the Kerberos server."),
+ NULL
+ },
+ &pg_krb_server_hostname,
+ NULL, NULL, NULL
+ },
+
+ {
{"rendezvous_name", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
gettext_noop("Sets the Rendezvous broadcast service name."),
NULL
Index: src/bin/psql/tab-complete.c
===================================================================
RCS file: postgresql-8.0.0rc3/src/bin/psql/tab-complete.c,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- src/bin/psql/tab-complete.c 24 Dec 2004 15:42:05 -0000 1.1.1.1
+++ src/bin/psql/tab-complete.c 3 Jan 2005 14:59:46 -0000 1.2
@@ -552,6 +552,7 @@
"geqo_threshold",
"join_collapse_limit",
"krb_server_keyfile",
+ "krb_server_hostname",
"lc_messages",
"lc_monetary",
"lc_numeric",
Index: src/include/libpq/auth.h
===================================================================
RCS file: postgresql-8.0.0rc3/src/include/libpq/auth.h,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- src/include/libpq/auth.h 31 Dec 2004 22:03:32 -0000 1.1.1.1
+++ src/include/libpq/auth.h 3 Jan 2005 14:59:47 -0000 1.2
@@ -27,5 +27,6 @@
#define PG_KRB5_VERSION "PGVER5.1"
extern char *pg_krb_server_keyfile;
+extern char *pg_krb_server_hostname;
#endif /* AUTH_H */