Home > mailing lists

Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal - Mailing list pgsql-bugs

From	Peter Koczan
Subject	Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal
Date	May 28, 2009 19:10:15
Msg-id	4544e0330905281207w7929b16fl16a0eae7709ace3f@mail.gmail.com Whole thread Raw
In response to	Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal (Peter Koczan <pjkoczan@gmail.com>)
List	pgsql-bugs

Tree view

On Thu, May 28, 2009 at 1:30 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Peter Koczan <pjkoczan@gmail.com> writes:
>> It was rather convenient to know that whatever Kerberos principal was
>> used was going to be the database user.
>
> Isn't that still true? =A0(Modulo the auth.c bug fix of course.) =A0The o=
nly
> issue here is where the default guess for a not-explicitly-specified
> username comes from, not whether you'll be allowed to connect or not.

That's what I meant. It was convenient to have the default guess be
the Kerberos principal for krb5/gss connections. This is still the
case in the vast majority of connections, so it's probably not worth
bending over backwards to satisfy these edge cases.

Sorry for the confusion.

Peter

pgsql-bugs by date:

From: "Silvano de Souza"
Date: 28 May 2009, 19:09:58
Subject: BUG #4827: install

From: Peter Koczan
Date: 28 May 2009, 19:18:31
Subject: Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal

Re: BUG #4824: KRB5/GSSAPI authentication fails when user != principal - Mailing list pgsql-bugs

Previous

Next