Hi,
I have some code that I've been using in production that supports adding and authenticating Windows groups via the pg_ident file. It has a new indicator (+), that signifies the identifier is a Windows group, as in the following example:
# MAPNAME SYSTEM-USERNAME PG-USERNAME
"Users" "+User group" postgres
A new function was added to test if a user token is in the windows group:
/*
* Check if the user (sspiToken) is a member of the specified group
*/
static BOOL
sspi_user_is_in_group(HANDLE sspiToken, LPCTSTR groupName)
I wanted to share this as a patch for the latest, as soon as I port it to v12. Does this sound reasonable?
thanks,
Russell
