brian@fluggo.com writes:
> The short version is that Postgres requires two user names when using
> GSSAPI/SSPI: one from the startup packet, and one from the Kerberos ticket,
> and if these don't match exactly, the login fails. It's generally impossible
> to determine the correct user name to send in the startup packet.
> I think Postgres should either not require or ignore the user name in the
> startup packet for these two login types.

If we did that, wouldn't it mean that anyone with a working Kerberos login
could log in as *any* database user? Even a superuser?

I'm prepared to grant that we might need to change the behavior somehow,
but it seems like not requiring any connection at all between the Kerberos
principal name and the database user name would be entirely unsafe.

regards, tom lane
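
Added example (not part of the original thread and not PostgreSQL code): a simplified Python model of the trade-off discussed above, comparing an exact name match, no binding between principal and database role, and an explicit principal-to-role mapping. The principals, roles, ROLE_MAP and all function names are hypothetical, and treating the part of the principal before "@" as the name to compare is an assumption.

```python
"""Simplified model of the principal-to-role check (constructed example)."""

# Constructed sample data: authenticated Kerberos principals and database roles.
PRINCIPALS = ["alice@EXAMPLE.COM", "Bob@EXAMPLE.COM", "dba@EXAMPLE.COM"]
ROLES = ["alice", "bob", "postgres"]
SUPERUSERS = {"postgres"}

# Hypothetical explicit mapping: the roles each principal may assume.
ROLE_MAP = {
    "alice@EXAMPLE.COM": {"alice"},
    "Bob@EXAMPLE.COM": {"bob"},
    "dba@EXAMPLE.COM": {"postgres"},
}


def local_part(principal):
    """Assumption: the name to compare is the part before the realm."""
    return principal.split("@", 1)[0]


def exact_match(principal, requested_role):
    """Startup-packet name must equal the ticket's name exactly (case-sensitive)."""
    return local_part(principal) == requested_role


def no_binding(principal, requested_role):
    """Any authenticated principal is accepted for whatever role is requested."""
    return True


def explicit_map(principal, requested_role):
    """Requested role must be listed for this principal in ROLE_MAP."""
    return requested_role in ROLE_MAP.get(principal, set())


def allowed_pairs(policy):
    """Every (principal, role) login the policy would accept."""
    return {(p, r) for p in PRINCIPALS for r in ROLES if policy(p, r)}


def superuser_principals(policy):
    """Principals that can reach a superuser role under the policy."""
    return sorted(p for p, r in allowed_pairs(policy) if r in SUPERUSERS)


if __name__ == "__main__":
    for policy in (exact_match, no_binding, explicit_map):
        print(policy.__name__, "logins:", len(allowed_pairs(policy)),
              "superuser-capable:", superuser_principals(policy))
```

In this model the exact match rejects Bob@EXAMPLE.COM for role bob purely on case, the unbound policy lets all three principals reach the superuser role, and the explicit map admits each principal only to the roles listed for it.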