Re: [HACKERS] Postgres 8.1.x and MIT Kerberos 5

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Magnus Hagander <mha(at)sollentuna(dot)net>
Cc: Mohan Anon <mohan(dot)anon(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org, pgsql-admin(at)postgresql(dot)org
Subject: Re: [HACKERS] Postgres 8.1.x and MIT Kerberos 5
Date: 2006-02-05 15:51:56
Message-ID: 20060205155156.GA4474@ns.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin pgsql-hackers

* Magnus Hagander (mha(at)sollentuna(dot)net) wrote:
> The *REALM* is not checked, however. This can cause problems if you have
> a multi-realm system (where the realms already trust each other, because
> the KDC has to give out the service ticket) where you have the same
> username existing in multiple realms representing different users.

This brings up the issue again that it'd be nice to be able to have what
amounts to a '.k5login' in PostgreSQL somehow. Ideally, this would be
something an idividual user could set up but at good first step would be
to have something along the lines of pg_ident.conf for Kerberos
connections where the admin could implement a mapping.

We should probably also have a configurable option to check the realm or
to not check the realm. I'd like to look into doing this for 8.2 but,
as usual, I'm not sure I'll have time. Anyone else looking into this?

Thanks,

Stephen

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Magnus Hagander 2006-02-05 15:57:08 Re: [HACKERS] Postgres 8.1.x and MIT Kerberos 5
Previous Message Mario Splivalo 2006-02-05 15:06:35 Pg 7.4 to 8.1 UTF problems

Browse pgsql-hackers by date

  From Date Subject
Next Message Magnus Hagander 2006-02-05 15:57:08 Re: [HACKERS] Postgres 8.1.x and MIT Kerberos 5
Previous Message richard 2006-02-05 14:58:46 Re: Shared memory and memory context question