Home > mailing lists

[Patch] Using Windows groups for SSPI authentication - Mailing list pgsql-hackers

From	Russell Foster
Subject	[Patch] Using Windows groups for SSPI authentication
Date	October 13, 2020 16:10:43
Msg-id	CA+VXQb+xNAHz+6Hy5uh6aYF0RgTVyzo7kpP7WmZ=n3pvWCHb-A@mail.gmail.com Whole thread Raw
Responses	Re: [Patch] Using Windows groups for SSPI authentication (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

I have some code that I've been using that supports adding and authenticating Windows groups via the pg_ident file. This is useful for sysadmins as it lets them control database access outside the database using Windows groups. It has a new
indicator (+), that signifies the identifier is a Windows group, as in the following example:

# MAPNAME SYSTEM-USERNAME PG-USERNAME
"Users" "+User group" postgres

A new function was added to test if a user token is in the windows group:

/*
* Check if the user (sspiToken) is a member of the specified group
*/
static BOOL
sspi_user_is_in_group(HANDLE sspiToken, LPCTSTR groupName)

Attached is the patch.

thanks,
Russell Foster

Attachment

0001-Add-support-for-Windows-groups-in-SSPI-authenticatio.patch

pgsql-hackers by date:

From: Hamid Akhtar
Date: 13 October 2020, 15:56:35
Subject: Re: Improved Cost Calculation for IndexOnlyScan

From: gkokolatos@pm.me
Date: 13 October 2020, 16:28:02
Subject: Re: PATCH: Attempt to make dbsize a bit more consistent

[Patch] Using Windows groups for SSPI authentication - Mailing list pgsql-hackers

Attachment

Previous

Next