| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Open item: kerberos warning message |
| Date: | 2009-01-08 15:41:57 |
| Message-ID: | 49661EC5.9040602@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Looking at the open item about the new error message shown when Kerberos
is compiled in, and not used:
assword:
FATAL: password authentication failed for user "mha"
psql: pg_krb5_init: krb5_cc_get_principal: No credentials cache found
FATAL: password authentication failed for user "mha"
The reason this is happening is that we are initializing Kerberos even
if we're not going to use it. The reason for doing *this*, is that if
kerberos is compiled in, we use it to find out if we should try a
different username than the one logged in to the local system - we look
at the kerberos login.
We don't do this for any other login, including kerberos over GSSAPI.
AFAIK, we've heard no complaints.
I see two ways to fix this, and have attached two patches:
1) Remove the support for getting this username. AFAIK, it's not even
documented. [krberror_remove.patch]
2) Suppress the error message when called from this location. If
Kerberos is actually used, we'll get the error message again later and
show it then. [krberror_suppress.patch]
Thoughts?
//Magnus
| Attachment | Content-Type | Size |
|---|---|---|
| krberror_remove.patch | text/x-diff | 2.5 KB |
| krberror_suppress.patch | text/x-diff | 4.1 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Fetter | 2009-01-08 15:46:19 | Re: about truncate |
| Previous Message | Tom Lane | 2009-01-08 15:37:21 | Re: Proposal: new border setting in psql |