Home > mailing lists

Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal
Date	May 26, 2009 18:36:01
Msg-id	16479.1243362954@sss.pgh.pa.us Whole thread Raw
In response to	BUG #4824: KRB5/GSSAPI authentication fails when user != principal ("Peter Koczan" <pjkoczan@gmail.com>)
Responses	Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal
List	pgsql-bugs

Tree view

"Peter Koczan" <pjkoczan@gmail.com> writes:
> PostgreSQL version: 8.4beta2
> Description:        KRB5/GSSAPI authentication fails when user != principal

> When authenticating with Kerberos/GSSAPI, if the Kerberos principal is not
> the same as the shell user, authentication fails.
> It appears to assume that the shell user is the user to connect as. However,
> using an 8.3 client works as previously expected.

This is an intentional change.  It is mentioned in the release notes,
though perhaps not too helpfully:

        Make Kerberos connections use the same method to determine the
        username of the client as all other authentication methods (Magnus)

        Previously a special Kerberos-only API was used.

We should probably at least clarify this release note.  Do you want
to make an argument that this is a fundamental breakage and we need
to revert it?  If so, what's the argument?

            regards, tom lane

pgsql-bugs by date:

From: "Peter Koczan"
Date: 26 May 2009, 18:24:02
Subject: BUG #4824: KRB5/GSSAPI authentication fails when user != principal

From: Tom Lane
Date: 26 May 2009, 20:13:08
Subject: Re: BUG #4817: Dump of 8.3 hstore not restorable to 8.4 (RECHECK)

Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal - Mailing list pgsql-bugs

Previous

Next