Re: Including kerberos realm - Mailing list pgsql-hackers

From Magnus Hagander
Subject Re: Including kerberos realm
Date
Msg-id 49672351.1030802@hagander.net
Whole thread Raw
In response to Re: Including kerberos realm  (Magnus Hagander <magnus@hagander.net>)
Responses Re: Including kerberos realm
List pgsql-hackers
Magnus Hagander wrote:
> Tom Lane wrote:
>> Magnus Hagander <magnus@hagander.net> writes:
>>> Alvaro Herrera wrote:
>>>> Not that this affects me in any way, but should there be a GUC variable
>>>> to set the default behavior system-wide?
>>> I thought about that, but I don't want to add extra gucs without a good
>>> reason. You'd typically not have very many different lines in pg_hba for
>>> this, and just duplicating the parameter there would be ok I think.
>>> I'd rather move more of the krb parameters to be *just* in pg_hba.conf,
>>> but for now I left those in postgresql.conf as fallbacks..
>> If you think those parameters would make more sense in pg_hba.conf,
>> let's just move them and be done with it.  There has never been any
>> intention that administrator-only GUCs would be promised compatible
>> across versions.  And the GUC mechanism is really rather a lot of
>> overhead compared to options on a pg_hba line ...
> 
> Well, it does make sense to have defaults in postgresql.conf - but I
> don't think it's worth the overhead.
> 
> I'll commit the stuff I have for now and put it on my TODO to remove
> them completely from postgresql.conf later. I'll see if I have time to
> get it done for 8.4.

Ok, I've applied a patch for this for the parameter krb_realm and
krb_server_hostname, which are the ones that currently supported both.

Should we also consider moving the remaining ones there?
(krb_server_keyfile, krb_srvname, krb_caseinsens_users)

They do make sense to set on a per-server basis, on the other hand they
are the only remaining authentication-method-specific parameters left...

//Magnus


pgsql-hackers by date:

Previous
From: Simon Riggs
Date:
Subject: Re: Hot standby, slot ids and stuff
Next
From: Heikki Linnakangas
Date:
Subject: Re: Hot standby, slot ids and stuff