Re: Kerberos delegation support in libpq and postgres_fdw

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Jacob Champion <pchampion(at)vmware(dot)com>
Cc: "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>, "magnus(at)hagander(dot)net" <magnus(at)hagander(dot)net>, "peter(dot)eisentraut(at)enterprisedb(dot)com" <peter(dot)eisentraut(at)enterprisedb(dot)com>, "tgl(at)sss(dot)pgh(dot)pa(dot)us" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Subject: Re: Kerberos delegation support in libpq and postgres_fdw
Date: 2022-04-08 12:21:30
Lists: pgsql-hackers


* Stephen Frost (sfrost(at)snowman(dot)net) wrote:
> The new krb_user_ccache is a lot closer to 'global', though it's
> specifically for user-authenticated backends (allowing the postmaster
> and other things like replication connections to use whatever the
> credential cache is set to by the administrator on startup), but that
> seems like it makes sense to me- generally you're not going to want
> regular user backends to be accessing the credential cache of the
> 'postgres' unix account on the server.

Added an explicit 'environment' option to allow for, basically, existing
behavior, where we don't mess with the environment variable at all,
though I kept the default as MEMORY since I don't think it's really
typical that folks actually want regular user backends to inherit the
credential cache of the server.

Added a few more tests and updated the documentation too. Sadly, seems
we've missed the deadline for v15 though for lack of feedback on these.
Would really like to get some other folks commenting as these are new
pg_hba and postgresql.conf options being added.



Attachment: v6-0001-kerberos-delegation.patch (text/x-diff, 35.9 KB)
