Greg Stark <gsstark@mit.edu> writes:
> In fact I think there's something a little backwards about deciding on a
> default username in advance and then trying various authentication methods.
Perhaps, but we're stuck with that without a massive (and non backwards
compatible) redesign of the connection protocol. libpq has to send a
connection-request packet that includes the username before it knows
which auth method will be selected. There are people around here who
consider it a feature that pg_hba.conf can base the decision which auth
method to use on the supplied username...
> In my case I have a kerberos principal gsstark@ATHENA.MIT.EDU and a local
> username of "stark".
AFAICS libpq doesn't have any very principled way to choose which of
those to use as default username. But I'd prefer to see it make the
same choice whether it's compiled with kerberos support or not. The
present behavior doesn't seem to me to satisfy the principle of least
astonishment.
In your situation, if you wanted to log in using kerberos authentication
then you'd probably end up setting PGUSER=gsstark to get the right thing
to happen.
regards, tom lane
