| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Case insensitive usernames |
| Date: | 2005-05-10 13:58:07 |
| Message-ID: | 9910.1115733487@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Magnus Hagander" <mha(at)sollentuna(dot)net> writes:
> Which brings me back to thinking a GUC is the way to deal with that -
> you'll definitly know what kind of KDC you have when you set up
> Kerberos. But perhaps this GUC should be for "permit case-insensitive
> kerberos principals" and not "case-insensitive usernames". And it would
> just control the comparison between kerberos principal and user-supplied
> username. The user-supplied username would still be what's used in any
> access to the database, regardless of case.
That would work for me as long as the default is case-sensitive; the
other seems too likely to be a security hazard. (And it had better be
documented that way, too: "DO NOT turn this on unless you are certain
you are using a case-insensitive KDC.")
What will we call the GUC? kerberos_case_insensitive_principals
seems a bit, um, verbose.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Cave-Ayland | 2005-05-10 14:13:48 | Re: Cost of XLogInsert CRC calculations |
| Previous Message | Hannu Krosing | 2005-05-10 13:44:04 | Re: Table Partitioning, Part 1 |