Re: krb5 & multiple users

Ed Schaller <schallee+postgres(at)darkmist(dot)net> writes:
> I am trying to connect to the database multiple times with different
> user accounts using kerberos. Unfortunately the current libpq libraries
> keep all of the kerberos credentials and such in static variables that
> are used for all subsequent connections.

Ugh.

> The options I am looking at are:

> Add it to the PGconn structure and pull it in where it is needed. This
> would require some api changes.

> Keep a hash of the usernames in static space and use the right
> credentials for the right user. This would fix the problem, but it would
> require extra data structures that aren't integrated into the rest of
> the library.

> The third option is to just not save credentials at all, but load them
> each time for each connection or new connection. This would probably be
> the simplest, but will require a little more file io and such.

I'm a bit confused here --- are the credentials used at all after
connection setup? If not, your third option seems good.

I'd still say that it sucks to be using static variables at all, even
during connection setup, since that will fail if someone tries to launch
two new connections concurrently. So the best bet would be to move the
variables into PGconn, even if they're not needed after startup.

I don't understand your statement that this'll require API changes.
PGconn is not an exported data structure.

regards, tom lane