Re: PATCH: Add GSSAPI ccache_name option to libpq - Mailing list pgsql-hackers

From Dave Page
Subject Re: PATCH: Add GSSAPI ccache_name option to libpq
Date
Msg-id CA+OCxoxa6g7+dmboJ=t_vBQvLMA4z6USZWiDfJwX4Wh=sJbBkg@mail.gmail.com
In response to Re: PATCH: Add GSSAPI ccache_name option to libpq  (Daniel Carter <danielchriscarter+postgres@gmail.com>)
List pgsql-hackers
Hi

On Tue, Apr 20, 2021 at 8:44 PM Daniel Carter <danielchriscarter+postgres@gmail.com> wrote:
> Hi Stephen,
>
> On 20/04/2021 20:01, Stephen Frost wrote:
> > I'm not necessarily against this, but typically the GSSAPI library
> > provides a way for you to control this using, eg, the KRB5_CCACHE
> > environment variable.  Is there some reason why that couldn't be used..?
>
> The original motivation for investigating this was setting up a web app
> which could authenticate to a database server using a Kerberos ticket.
> Since the web framework already needs to create a connection string
> (with database name etc.) to set up the database connection, having an
> option here for the ccache location makes it much more straightforward
> to specify than having to save data out to environment variables (and
> makes things cleaner if there are potentially multiple database
> connections going on at once in different processes).

Yes, that's why we'd like it for pgAdmin. When dealing with a multi-threaded application it becomes a pain keeping credentials for different users separated; a lot more mucking about with mutexes etc. If we could specify the credential cache location in the connection string, it would be much easier (and likely more performant) to securely keep individual caches for each user.

> There may well be a better way of going about this -- it's just that I
> can't currently see an obvious way to get this kind of setup working
> using only the environment variable.
>
> Many thanks,
> Daniel




--
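The credential-separation problem discussed in this thread, as an added illustration that is not part of the original messages or the patch. `fake_connect` is a hypothetical stand-in for a libpq connection, the `ccache_name` key mirrors the option named in the subject line, `KRB5CCNAME` is the variable MIT Kerberos reads for the default cache, and the users and cache paths are constructed.

```python
import os
import threading

ENV_VAR = "KRB5CCNAME"  # variable MIT Kerberos reads for the default ccache
USERS = {"alice": "FILE:/tmp/krb5cc_alice", "bob": "FILE:/tmp/krb5cc_bob"}  # constructed


def fake_connect(conninfo):
    """Hypothetical stand-in for a libpq connect: returns the ccache it would use.

    A per-connection ccache_name (the option proposed in this thread) wins;
    otherwise the process-wide environment variable is consulted.
    """
    return conninfo.get("ccache_name") or os.environ.get(ENV_VAR)


def run_two_users(mode):
    """Connect once per user on separate threads; return {user: ccache used}."""
    barrier = threading.Barrier(len(USERS))  # forces the worst-case interleaving
    lock = threading.Lock()
    used = {}
    saved = os.environ.get(ENV_VAR)

    def worker(user, ccache):
        if mode == "env":
            os.environ[ENV_VAR] = ccache  # process-global write
            barrier.wait()                # every thread has written before any connects
            used[user] = fake_connect({"user": user})
        elif mode == "env+lock":
            with lock:                    # correct, but serialises all connection setup
                os.environ[ENV_VAR] = ccache
                used[user] = fake_connect({"user": user})
        else:                             # "conninfo": nothing shared between threads
            barrier.wait()
            used[user] = fake_connect({"user": user, "ccache_name": ccache})

    threads = [threading.Thread(target=worker, args=item) for item in USERS.items()]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    if saved is None:
        os.environ.pop(ENV_VAR, None)
    else:
        os.environ[ENV_VAR] = saved
    return used


if __name__ == "__main__":
    for mode in ("env", "env+lock", "conninfo"):
        print(mode, run_two_users(mode))
```

In `env` mode both threads end up reading the same cache, so one user's connection is made with the other user's credentials; the lock fixes that at the cost of serialising connection setup, while the per-connection parameter needs no shared state at all.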
