| From: | Christian Ullrich <chris(at)chrullrich(dot)net> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #13854: SSPI authentication failure: wrong realm name used |
| Date: | 2016-01-15 20:46:53 |
| Message-ID: | n7blsf$g5n$1@ger.gmane.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-hackers |
* Christian Ullrich wrote:
> * Christian Ullrich wrote:
>
>> * Christian Ullrich wrote:
>>
>> > According to the release notes, the default for the "include_realm"
>> > option in SSPI authentication was changed from off to on in 9.5 for
> > > improved security. However, the authenticated user name, with the
> > > option enabled, includes the NetBIOS domain name, *not* the Kerberos
>> > realm name:
>
>> Below is a patch to correct this behavior. I suspect it has some
>> serious compatibility issues, so I would appreciate feedback.
>
> Updated patch, sorry. The first one worked by accident only.
Another update. This time even the documentation builds.
One thing I'm fairly sure I need advice on is error handling and/or
error codes. Right now I use ERROR_INVALID_ROLE_SPECIFICATION just about
everywhere (because the surrounding SSPI code does as well), and that is
probably not the best choice in some places.
--
Christian
| Attachment | Content-Type | Size |
|---|---|---|
| sspi-real-realm.patch | text/plain | 7.2 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2016-01-15 21:14:38 | Re: BUG #13871: Format '%2f' invalid or incompatible with argument |
| Previous Message | Christoph Berg | 2016-01-15 20:12:41 | Re: BUG #13867: apt.postgresql.org broken for postgresql-server-dev-9.4 and libpq-dev |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2016-01-15 21:02:13 | Re: checkpointer continuous flushing |
| Previous Message | Tom Lane | 2016-01-15 19:54:14 | Re: Expanded Object Header and Flat Cache |