Home > mailing lists

Re: BUG #13854: SSPI authentication failure: wrong realm name used - Mailing list pgsql-hackers

From	Christian Ullrich
Subject	Re: BUG #13854: SSPI authentication failure: wrong realm name used
Date	January 15, 2016 23:47:28
Msg-id	n7blsf$g5n$1@ger.gmane.org Whole thread Raw
In response to	Re: BUG #13854: SSPI authentication failure: wrong realm name used (Christian Ullrich <chris@chrullrich.net>)
Responses	Re: BUG #13854: SSPI authentication failure: wrong realm name used
List	pgsql-hackers

Tree view

* Christian Ullrich wrote:

> * Christian Ullrich wrote:
>
>> * Christian Ullrich wrote:
>>
>> > According to the release notes, the default for the "include_realm"
>> > option in SSPI authentication was changed from off to on in 9.5 for
>  > > improved security. However, the authenticated user name, with the
>  > > option enabled, includes the NetBIOS domain name, *not* the Kerberos
>> > realm name:
>
>> Below is a patch to correct this behavior. I suspect it has some
>> serious compatibility issues, so I would appreciate feedback.
>
> Updated patch, sorry. The first one worked by accident only.

Another update. This time even the documentation builds.

One thing I'm fairly sure I need advice on is error handling and/or 
error codes. Right now I use ERROR_INVALID_ROLE_SPECIFICATION just about 
everywhere (because the surrounding SSPI code does as well), and that is 
probably not the best choice in some places.

-- 
Christian

pgsql-hackers by date:

From: Tom Lane
Date: 15 January 2016, 22:54:21
Subject: Re: Expanded Object Header and Flat Cache

From: Andres Freund
Date: 16 January 2016, 00:02:32
Subject: Re: checkpointer continuous flushing

Re: BUG #13854: SSPI authentication failure: wrong realm name used - Mailing list pgsql-hackers

Previous

Next