| From: | Christian Ullrich <chris(at)chrullrich(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "pgsql-bugs(at)postgresql(dot)org" <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #13854: SSPI authentication failure: wrong realm name used |
| Date: | 2016-01-08 00:59:02 |
| Message-ID: | AM2PR06MB0690EF5311599E0487B93A15D4F60@AM2PR06MB0690.eurprd06.prod.outlook.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-hackers |
* From: Tom Lane [mailto:tgl(at)sss(dot)pgh(dot)pa(dot)us]
> chris(at)chrullrich(dot)net writes:
> > According to the release notes, the default for the "include_realm"
> > option in SSPI authentication was changed from off to on in 9.5 for
> > improved security. However, the authenticated user name, with the
> > option enabled, now includes the NetBIOS domain name, *not* the
> > Kerberos realm name:
> Is this new breakage, or did include_realm=1 fail in the same way for
> your configuration in prior releases?
s/now includes/includes/
I did not use that option before, the same as everyone else, but I checked
9.4.5 just now and it fails in the same way there. The code in auth.c has
not changed significantly since it was introduced, so I assume that it
has behaved like this from the start.
--
Christian
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2016-01-08 02:11:01 | Re: BUG #13594: pg_ctl.exe redirects stderr to Windows Events Log if stderr is redirected to pipe |
| Previous Message | Tom Lane | 2016-01-08 00:53:21 | Re: BUG #13854: SSPI authentication failure: wrong realm name used |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Noah Misch | 2016-01-08 01:27:55 | Re: pg_conversion seems rather strangely defined |
| Previous Message | Tom Lane | 2016-01-08 00:53:21 | Re: BUG #13854: SSPI authentication failure: wrong realm name used |