Re: krb5 & multiple users - Mailing list pgsql-interfaces

From Ed Schaller
Subject Re: krb5 & multiple users
Date
Msg-id 20020520192042.GC12742@darkmist.net
Whole thread Raw
In response to Re: krb5 & multiple users  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-interfaces
> Hmm.  Can we rearrange things so that fe_getauthname is not called till
> later?  I fail to see why it'd be a good idea to be sucking any kerberos
> info in at all during PQconndefaults, so the above suggests to me that
> we've divided up the operations wrongly.

The best way to do this would be to keep the authentication in PGconn or
a sub-struct of that. Then this could be passed down to any functions
that need the information contained there. The reason that the kerberos
stuff is needed for fe_getauthname is that it is possible for the user
name to only be defined in the kerberos credentials that are available.
The problem is that there is no way to share information between the
fe_sendauth and fe_getauthname as they have no common arguments. This
problem is fixed in this case by the static variables.

Attached is a patch from the default cvs branch that fixes this problem.
It basically follows the third method from my previous email. It will
go and get the kerberos credentials every time fe_getauthname and
fe_sendauth are called. In most cases this will not actually add any
additional overhead.

I have not extensively tested the patch, but it does solve my double
connection test case. If others could test it I would appreciate it.

> BTW you might want to get Bear Giles involved in this, as he seems to be
> thinking hard about authentication issues in libpq.

I'd be happy to. Do you know his email address?

>>>------>

--

+-------------+-----------------------+---------------+
| Ed Schaller | schallee@darkmist.net | mistymushroom |
+-------------+-----------------------+---------------+

Attachment

pgsql-interfaces by date:

Previous
From: Hiroshi Inoue
Date:
Subject: Re: [ODBC] Is there a limit on what can be returned?
Next
From: Arindam Haldar
Date:
Subject: want basic help with C