Thread: Bug #890: only one user per process in libpq with krb5 auth
Ed Schaller (schallee@darkmist.net) reports a bug with a severity of 2 The lower the number the more severe it is. Short Description only one user per process in libpq with krb5 auth Long Description Most of the kerberos authentication information used to authenticate a connection to the server with libpq is stored in globalvariables. This has the result that only one user&passwd can be used per process. Although this doesn't seem like a big issue on the surface, it makes things like mod_perl/mod_php + mod_auth_kerb mostlyuseless unless you only have one user. It also can lead to some very odd bugs. I'm afraid I didn't follow this through like I should as this was origionally discussed on pgsql-intefaces last May. Thepatch from them still applies fine though. Sample Code The patch can be found at: http://www.darkmist.net/~schallee/tmp/pgsql-libpq-kerb.patch The authentication code in libpq is rather cludgy in general and this patch doesn't help the situation. If I get board Imay try to rewrite it. No file was uploaded with this report
Is this ready to be applied. It looks fine to me. I want to remove the part of the patch that keeps the old structure definitions at the top, but other than that, it looks good. Is there something that needs improving about it? --------------------------------------------------------------------------- pgsql-bugs@postgresql.org wrote: > Ed Schaller (schallee@darkmist.net) reports a bug with a severity of 2 > The lower the number the more severe it is. > > Short Description > only one user per process in libpq with krb5 auth > > Long Description > Most of the kerberos authentication information used to authenticate a connection to the server with libpq is stored inglobal variables. This has the result that only one user&passwd can be used per process. > > Although this doesn't seem like a big issue on the surface, it makes things like mod_perl/mod_php + mod_auth_kerb mostlyuseless unless you only have one user. It also can lead to some very odd bugs. > > I'm afraid I didn't follow this through like I should as this was origionally discussed on pgsql-intefaces last May. Thepatch from them still applies fine though. > > Sample Code > The patch can be found at: > > http://www.darkmist.net/~schallee/tmp/pgsql-libpq-kerb.patch > > The authentication code in libpq is rather cludgy in general and this patch doesn't help the situation. If I get boardI may try to rewrite it. > > No file was uploaded with this report > > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
OK, please let me know. Thanks. --------------------------------------------------------------------------- Ed Schaller wrote: -- Start of PGP signed section. > > Is this ready to be applied. It looks fine to me. I want to remove the > > part of the patch that keeps the old structure definitions at the top, > > but other than that, it looks good. Is there something that needs > > improving about it? > > I've been working with it a little and it appears that something as > canged and it will need to be redone. I'm fairly busy, but I'll try to > take a look at it this week as this makes some of my systems inoperable. > > > >>>------> > > -- > > +-------------+-----------------------+---------------+ > | Ed Schaller | Dark Mist Networking | psuedoshroom | > +-------------+-----------------------+---------------+ -- End of PGP section, PGP failed! -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
I don't think any of that has changed, if that is what you are asking. --------------------------------------------------------------------------- Ed Schaller wrote: -- Start of PGP signed section. > > OK, please let me know. Thanks. > > I haven't taken the time to check the current state of the > authentication code and am relying on my old work on it. Would it be > worth me taking the time to try to rework it in a better manner? > > >>>------> > > -- > > +-------------+-----------------------+---------------+ > | Ed Schaller | Dark Mist Networking | psuedoshroom | > +-------------+-----------------------+---------------+ -- End of PGP section, PGP failed! -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
> OK, please let me know. Thanks. I haven't taken the time to check the current state of the authentication code and am relying on my old work on it. Would it be worth me taking the time to try to rework it in a better manner? >>>------> -- +-------------+-----------------------+---------------+ | Ed Schaller | Dark Mist Networking | psuedoshroom | +-------------+-----------------------+---------------+
> Is this ready to be applied. It looks fine to me. I want to remove the > part of the patch that keeps the old structure definitions at the top, > but other than that, it looks good. Is there something that needs > improving about it? I've been working with it a little and it appears that something as canged and it will need to be redone. I'm fairly busy, but I'll try to take a look at it this week as this makes some of my systems inoperable. >>>------> -- +-------------+-----------------------+---------------+ | Ed Schaller | Dark Mist Networking | psuedoshroom | +-------------+-----------------------+---------------+