| From: | Russell Foster <russell(dot)foster(dot)coding(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | russell(dot)foster(dot)coding(at)gmail(dot)com |
| Subject: | [Patch] Using Windows groups for SSPI authentication |
| Date: | 2020-10-13 13:10:43 |
| Message-ID: | CA+VXQb+xNAHz+6Hy5uh6aYF0RgTVyzo7kpP7WmZ=n3pvWCHb-A@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I have some code that I've been using that supports adding and
authenticating Windows groups via the pg_ident file. This is useful for
sysadmins as it lets them control database access outside the database
using Windows groups. It has a new
indicator (+), that signifies the identifier is a Windows group, as in the
following example:
# MAPNAME SYSTEM-USERNAME PG-USERNAME
"Users" "+User group" postgres
A new function was added to test if a user token is in the windows group:
/*
* Check if the user (sspiToken) is a member of the specified group
*/
static BOOL
sspi_user_is_in_group(HANDLE sspiToken, LPCTSTR groupName)
Attached is the patch.
thanks,
Russell Foster
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Add-support-for-Windows-groups-in-SSPI-authenticatio.patch | application/octet-stream | 9.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | gkokolatos | 2020-10-13 13:28:02 | Re: PATCH: Attempt to make dbsize a bit more consistent |
| Previous Message | Hamid Akhtar | 2020-10-13 12:56:35 | Re: Improved Cost Calculation for IndexOnlyScan |