|From:||Christian Ullrich <chris(at)chrullrich(dot)net>|
|Subject:||Re: BUG #13854: SSPI authentication failure: wrong realm name used|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
* Christian Ullrich wrote:
> * Christian Ullrich wrote:
>> * Christian Ullrich wrote:
>> > According to the release notes, the default for the "include_realm"
>> > option in SSPI authentication was changed from off to on in 9.5 for
> > > improved security. However, the authenticated user name, with the
> > > option enabled, includes the NetBIOS domain name, *not* the Kerberos
>> > realm name:
>> Below is a patch to correct this behavior. I suspect it has some
>> serious compatibility issues, so I would appreciate feedback.
> Updated patch, sorry. The first one worked by accident only.
Another update. This time even the documentation builds.
One thing I'm fairly sure I need advice on is error handling and/or
error codes. Right now I use ERROR_INVALID_ROLE_SPECIFICATION just about
everywhere (because the surrounding SSPI code does as well), and that is
probably not the best choice in some places.
|Next Message||Andres Freund||2016-01-15 21:02:13||Re: checkpointer continuous flushing|
|Previous Message||Tom Lane||2016-01-15 19:54:14||Re: Expanded Object Header and Flat Cache|
|Next Message||David G. Johnston||2016-01-15 21:14:38||Re: BUG #13871: Format '%2f' invalid or incompatible with argument|
|Previous Message||Christoph Berg||2016-01-15 20:12:41||Re: BUG #13867: apt.postgresql.org broken for postgresql-server-dev-9.4 and libpq-dev|