* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Right offhand I like the idea of pushing it into connectOptions2 --- can
> you experiment with that? Seems like there is no reason to call
> Kerberos if the user supplies the name to connect as.
Patch attached. After looking through the code around this I discovered
that conninfo_parse is also called by PQconndefaults. This patch
changes the 'default' returned for user to NULL (instead of whatever
pg_fe_getauthname returns). This is probably better than not calling
Kerberos in pg_fe_getauthname and potentially returning the wrong thing
(if the username doesn't match the princ, a common situation), but it
might break existing applications. Are those applications wrong to be
asking libpq to provide what it thinks the username is when asking for
the defaults? I'd say probably yes, but then we don't provide another
way for them to get it either.
Patch tested w/ 'trust', 'ident', 'md5' and 'krb5' methods from psql.
Enjoy,
Stephen