Re: [Patch] Using Windows groups for SSPI authentication

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Russell Foster <russell(dot)foster(dot)coding(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [Patch] Using Windows groups for SSPI authentication
Date: 2020-10-13 17:15:08
Message-ID: 3480030.1602609308@sss.pgh.pa.us
Lists: pgsql-hackers

Russell Foster <russell(dot)foster(dot)coding(at)gmail(dot)com> writes:
> I have some code that I've been using that supports adding and
> authenticating Windows groups via the pg_ident file. This is useful for
> sysadmins as it lets them control database access outside the database
> using Windows groups. It has a new
> indicator (+), that signifies the identifier is a Windows group, as in the
> following example:

> # MAPNAME SYSTEM-USERNAME PG-USERNAME
> "Users" "+User group" postgres

While I don't object to adding functionality to access Windows groups,
I do object to using syntax that makes random assumptions about what a
user name can or can't be.

There was a prior discussion of this in the context of some other patch
that had a similar idea. [ digs in archives... ] Ah, here it is:

https://www.postgresql.org/message-id/flat/4ba3ad54-bb32-98c6-033a-ccca7058fc2f%402ndquadrant.com

It doesn't look like we arrived at any firm consensus about what to
do instead, but maybe you can find some ideas there.

regards, tom lane
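
An added example, not part of the original message or the patch, showing the ambiguity behind the objection above when a leading `+` inside SYSTEM-USERNAME is treated as a group marker. The parser, `classify`, the `marker_in_quotes` switch and the `certmap "+ops"` line are hypothetical and constructed for illustration; only the `"Users" "+User group" postgres` line comes from the page.

```python
import re

# One field of a pg_ident-style line: "double quoted" (spaces allowed) or a bare word.
FIELD = re.compile(r'\s*(?:"([^"]*)"|(\S+))')

def split_fields(line):
    """Return [(text, was_quoted), ...]; an unquoted '#' starts a comment."""
    fields, pos = [], 0
    while (m := FIELD.match(line, pos)):
        quoted, bare = m.group(1), m.group(2)
        if bare is not None and bare.startswith("#"):
            break
        fields.append((quoted, True) if bare is None else (bare, False))
        pos = m.end()
    return fields

def classify(line, marker_in_quotes):
    """Hypothetical rule: a leading '+' in SYSTEM-USERNAME marks a group.

    marker_in_quotes=True  -> '+' is a marker even inside double quotes.
    marker_in_quotes=False -> only an unquoted '+' is a marker.
    """
    fields = split_fields(line)
    if len(fields) != 3:
        raise ValueError(f"expected 3 fields, got {len(fields)}: {line!r}")
    (_map, _), (system, was_quoted), (pg_user, _) = fields
    if system.startswith("+") and (marker_in_quotes or not was_quoted):
        return ("group", system[1:], pg_user)
    return ("user", system, pg_user)

PAGE_LINE = '"Users" "+User group" postgres'  # the line quoted in the message
LITERAL_LINE = 'certmap "+ops" postgres'      # constructed: a user literally named +ops

if __name__ == "__main__":
    for in_quotes in (True, False):
        for line in (PAGE_LINE, LITERAL_LINE):
            print(in_quotes, line, "->", classify(line, in_quotes))
```

With the marker honoured inside quotes, a system user name that really begins with `+` cannot be written; with it honoured only outside quotes, a group name containing a space cannot be written. Either way the syntax bakes in an assumption about what a name may contain.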
