Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
krb_match_realm patch
- From: Stephen Frost <sfrost(at)snowman(dot)net>
- To: pgsql-hackers(at)postgresql(dot)org
- Subject: krb_match_realm patch
- Date: Thu, 1 Nov 2007 10:41:51 -0400
Greetings, Regarding Magnus' patch for matching against the Kerberos realm- I'd see it as much more useful as a multi-value configuration option. Perhaps 'krb_alt_realms' or 'krb_realms'. This would look like: Match against one, and only one, realm (does not have to be the realm the server is in, that's dealt with seperately): krb_realms = 'ABC.COM' Don't worry about the realm ever: krb_realms = '' # default, to match current krb5 Match against multiple realms: krb_realms = 'ABC.COM, DEF.ABC.COM' Note that using multiple realms implies either no overlap, or that overlap means the same person. Additionally, I feel we should have an explicit 'krb_strip_realm' boolean option to enable this behaviour. If 'krb_strip_realm' is 'false' then the full user(at)REALM would be used. This would mean that more complex cross-realm could also be handled by creating users with user(at)REALM and then just roles when a given user exists in multiple realms. I understand that we're in beta now but both of these are isolated and rather small changes, I believe. Also, Magnus has indicated that he'd be willing to adjust his patch accordingly if this is agreed to (please correct me if I'm wrong here :). Thanks, Stephen
Attachment:
signature.asc
Description: Digital signature
- Follow-Ups:
- Re: krb_match_realm patch
- From: Magnus Hagander
- Re: krb_match_realm patch
- Prev by Date: Special Offer from the Xandria Collection!
- Next by Date: Calculation of a shared memory
- Previous by thread: Special Offer from the Xandria Collection!
- Next by thread: Re: krb_match_realm patch
- Indexes: