| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | pg_hba options parsing |
| Date: | 2008-09-30 18:36:53 |
| Message-ID: | 48E271C5.7010907@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
This patch changes the options field of pg_hba.conf to take name/value
pairs instead of a fixed string. This makes it a lot nicer to deal with
auth methods that need more than one parameter, such as LDAP.
While at it, it also adds map support to kerberos, gssapi and sspi and
not just ident - basically all methods where the username comes from an
outside source (lmk if I missed one).
Also in passing, changes the methods in auth.c to deal with "unsupported
auth method on this platform" errors the same way for all authentication
methods.
I intend to build on this patch to support setting some
Kerberos/GSSAPI/SSPI parameters on a per-connection base, but wanted to
get the basics in first.
Obviously, documentation still pending. I'm working on that in parallel.
So, comments? Both in general, and specifically on if we need to do
backwards compatible parsing of LDAP options (doing it of all the other
options would be trivial, but LDAP would be harder)
//Magnus
| Attachment | Content-Type | Size |
|---|---|---|
| hba_format.patch | text/x-diff | 28.5 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-09-30 18:43:26 | Re: Block-level CRC checks |
| Previous Message | Jonah H. Harris | 2008-09-30 18:33:04 | Re: Block-level CRC checks |