pg_hba options parsing

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: pg_hba options parsing
Date: 2008-09-30 18:36:53
Message-ID: 48E271C5.7010907@hagander.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

This patch changes the options field of pg_hba.conf to take name/value
pairs instead of a fixed string. This makes it a lot nicer to deal with
auth methods that need more than one parameter, such as LDAP.

While at it, it also adds map support to kerberos, gssapi and sspi and
not just ident - basically all methods where the username comes from an
outside source (lmk if I missed one).

Also in passing, changes the methods in auth.c to deal with "unsupported
auth method on this platform" errors the same way for all authentication
methods.

I intend to build on this patch to support setting some
Kerberos/GSSAPI/SSPI parameters on a per-connection base, but wanted to
get the basics in first.

Obviously, documentation still pending. I'm working on that in parallel.

So, comments? Both in general, and specifically on if we need to do
backwards compatible parsing of LDAP options (doing it of all the other
options would be trivial, but LDAP would be harder)

//Magnus

Attachment Content-Type Size
hba_format.patch text/x-diff 28.5 KB

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2008-09-30 18:43:26 Re: Block-level CRC checks
Previous Message Jonah H. Harris 2008-09-30 18:33:04 Re: Block-level CRC checks