Todd Kover <kovert@omniscient.com> writes:
>> Why is this necessary?
> It's largely useful in combination with restricting the interfaces
> listened to via the listen_addresses directive in the config file. As
> the code works now you can only connect via kerberos with a service
> principal derived from the hostname of the box rather than any dns name
> associated with any of the box's interfaces.
Hmm. I guess I was confusing this with the --with-krb-srvnam configure
directive, and expecting that it ought to convert that from a
frozen-at-configure value into a run-time-configuration variable.
What is the relationship of these two values, anyway?
The documentation additions are pretty poor in both proposed patches;
they do nothing to clear up any confusion.
regards, tom lane