Re: Case insensitive usernames - Mailing list pgsql-hackers

From Magnus Hagander
Subject Re: Case insensitive usernames
Date
Msg-id 6BCB9D8A16AC4241919521715F4D8BCE6C745A@algol.sollentuna.se
Whole thread Raw
In response to Case insensitive usernames  ("Magnus Hagander" <mha@sollentuna.net>)
Responses Re: Case insensitive usernames  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
> > Another way to help in this particular case would be to
> have libpq on
> > win32 only force-lowercase the username IF it was retreived
> from the
> > system (but not when manually specified).
>
> Well, I personally don't care how bizarrely the Win32 port
> behaves ;-) so I won't complain if something like that
> happens.  You should think twice though about whether
> introducing this inconsistency is going to be a net win, or
> whether it'll just move the confusion someplace else.

Windows is case-insensitive to usernames. Always has been, and I really
don't think it's about to change considering M$'s deal with backwards
compatiblity. I doubt if this would surprise anybody - at least anybody
on the win32 platform.

Actualyl, what usually surprises people is that GetUserName() returns
the case of the username *as the user entered it at login*, and *NOT* as
the administrator entered it in the Active Directory. Which can be said
to be a bug depending on how you look at it, but from a "username is
case insensitive" perspective it doesn't matter.

Note that we wouldn't case-change a userid that is actually specified by
the user (in the connectino string, on the commandline to psql).


> > Then if this was done the
> > kerberos username-matching code would just have to be relaxed to be
> > case insensitive (which it really should be, because AFAIK
> kerberos is
> > supposed to be case insensitive),
>
> This however bothers me; it seems like a potential security
> hole (create kerberos principal FOO, use it to break into
> Foo's account).

Actually, to be specific, if you case-fold it he could get into "foo"
but not "Foo".

> Or does kerberos guarantee FOO and Foo are the same?

Did some further checking, and it turns out this depends on the KDC. All
KDCs are required to be case sensitive no the *REALM*. But I can't find
any documented requirements on the principal - just signs that different
KDCs treat it differently. Windows AD KDC for example is insensitive,
whereas I think it looks like MIT is case sensitive.

Which brings me back to thinking a GUC is the way to deal with that -
you'll definitly know what kind of KDC you have when you set up
Kerberos. But perhaps this GUC should be for "permit case-insensitive
kerberos principals" and not "case-insensitive usernames". And it would
just control the comparison between kerberos principal and user-supplied
username. The user-supplied username would still be what's used in any
access to the database, regardless of case.

Reasonable?


//Magnus


pgsql-hackers by date:

Previous
From: Tatsuo Ishii
Date:
Subject: Re: Patch for collation using ICU
Next
From: Thomas Hallgren
Date:
Subject: Re: Oracle Style packages on postgres