Re: Case insensitive usernames

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Magnus Hagander" <mha(at)sollentuna(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Case insensitive usernames
Date: 2005-05-09 21:42:00
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

"Magnus Hagander" <mha(at)sollentuna(dot)net> writes:
> Another way to help in this particular case would be to have libpq on
> win32 only force-lowercase the username IF it was retreived from the
> system (but not when manually specified).

Well, I personally don't care how bizarrely the Win32 port behaves ;-)
so I won't complain if something like that happens. You should think
twice though about whether introducing this inconsistency is going to
be a net win, or whether it'll just move the confusion someplace else.

> Then if this was done the
> kerberos username-matching code would just have to be relaxed to be case
> insensitive (which it really should be, because AFAIK kerberos is
> supposed to be case insensitive),

This however bothers me; it seems like a potential security hole (create
kerberos principal FOO, use it to break into Foo's account). Or does
kerberos guarantee FOO and Foo are the same?

regards, tom lane

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2005-05-09 21:44:08 Re: Oracle Style packages on postgres
Previous Message Thomas Hallgren 2005-05-09 21:24:45 Re: Oracle Style packages on postgres