Re: krb5 & multiple users

> I'm a bit confused here --- are the credentials used at all after
> connection setup? If not, your third option seems good.

The credentials are not needed after the connection is set up.

> I'd still say that it sucks to be using static variables at all, even
> during connection setup, since that will fail if someone tries to launch
> two new connections concurrently. So the best bet would be to move the
> variables into PGconn, even if they're not needed after startup.

Yes, static variables like that cause lots of headaches. I'm trying to
use mod_auth_kerb to authenticate users and then use their credentials
to connect to the db. Works great with one user, but the next user who
gets that apache process is SOL.

> I don't understand your statement that this'll require API changes.
> PGconn is not an exported data structure.

The problems that I am running into is that conn is not available in
the functions it needs to be in. For example, fe_getauthname would need
the conn, but it is not available there, nor is it in conninfo_parse
where it is called from. We can pass the conn in for most of these, but
PQconndefaults doesn't have a conn at all and it calls conninfo_parse. I
am thinking that the solution is going to be number three on my list.

>>>------>

--

+-------------+-----------------------+---------------+
| Ed Schaller | schallee(at)darkmist(dot)net | mistymushroom |
+-------------+-----------------------+---------------+