aboutsummaryrefslogtreecommitdiff
path: root/src/backend
diff options
context:
space:
mode:
Diffstat (limited to 'src/backend')
-rw-r--r--src/backend/libpq/auth.c20
-rw-r--r--src/backend/utils/misc/guc.c23
-rw-r--r--src/backend/utils/misc/postgresql.conf.sample5
3 files changed, 39 insertions, 9 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index b941ccd5030..7970f817561 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.123 2005/02/22 04:35:57 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.124 2005/06/04 20:42:42 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -41,6 +41,8 @@ static char *recv_password_packet(Port *port);
static int recv_and_check_password_packet(Port *port);
char *pg_krb_server_keyfile;
+char *pg_krb_srvnam;
+bool pg_krb_caseins_users;
#ifdef USE_PAM
#ifdef HAVE_PAM_PAM_APPL_H
@@ -99,7 +101,7 @@ pg_krb4_recvauth(Port *port)
status = krb_recvauth(krbopts,
port->sock,
&clttkt,
- PG_KRB_SRVNAM,
+ pg_krb_srvnam,
instance,
&port->raddr.in,
&port->laddr.in,
@@ -219,16 +221,16 @@ pg_krb5_init(void)
return STATUS_ERROR;
}
- retval = krb5_sname_to_principal(pg_krb5_context, NULL, PG_KRB_SRVNAM,
+ retval = krb5_sname_to_principal(pg_krb5_context, NULL, pg_krb_srvnam,
KRB5_NT_SRV_HST, &pg_krb5_server);
if (retval)
{
ereport(LOG,
(errmsg("Kerberos sname_to_principal(\"%s\") returned error %d",
- PG_KRB_SRVNAM, retval)));
+ pg_krb_srvnam, retval)));
com_err("postgres", retval,
"while getting server principal for service \"%s\"",
- PG_KRB_SRVNAM);
+ pg_krb_srvnam);
krb5_kt_close(pg_krb5_context, pg_krb5_keytab);
krb5_free_context(pg_krb5_context);
return STATUS_ERROR;
@@ -264,7 +266,7 @@ pg_krb5_recvauth(Port *port)
return ret;
retval = krb5_recvauth(pg_krb5_context, &auth_context,
- (krb5_pointer) & port->sock, PG_KRB_SRVNAM,
+ (krb5_pointer) & port->sock, "postgres",
pg_krb5_server, 0, pg_krb5_keytab, &ticket);
if (retval)
{
@@ -303,7 +305,11 @@ pg_krb5_recvauth(Port *port)
}
kusername = pg_an_to_ln(kusername);
- if (strncmp(port->user_name, kusername, SM_DATABASE_USER))
+ if (pg_krb_caseins_users)
+ ret = strncasecmp(port->user_name, kusername, SM_DATABASE_USER);
+ else
+ ret = strncmp(port->user_name, kusername, SM_DATABASE_USER);
+ if (ret)
{
ereport(LOG,
(errmsg("unexpected Kerberos user name received from client (received \"%s\", expected \"%s\")",
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index 7f89276b612..3d57509548f 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -10,7 +10,7 @@
* Written by Peter Eisentraut <peter_e@gmx.net>.
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.263 2005/05/27 18:33:30 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.264 2005/06/04 20:42:42 momjian Exp $
*
*--------------------------------------------------------------------
*/
@@ -63,6 +63,9 @@
#ifndef PG_KRB_SRVTAB
#define PG_KRB_SRVTAB ""
#endif
+#ifndef PG_KRB_SRVNAM
+#define PG_KRB_SRVNAM ""
+#endif
#define CONFIG_FILENAME "postgresql.conf"
#define HBA_FILENAME "pg_hba.conf"
@@ -860,6 +863,15 @@ static struct config_bool ConfigureNamesBool[] =
#endif
},
+ {
+ {"krb_caseins_users", PGC_POSTMASTER, CONN_AUTH_SECURITY,
+ gettext_noop("Sets if Kerberos user names should be treated case insensitive."),
+ NULL
+ },
+ &pg_krb_caseins_users,
+ false, NULL, NULL
+ },
+
/* End-of-list marker */
{
{NULL, 0, 0, NULL, NULL}, NULL, false, NULL, NULL
@@ -1573,6 +1585,15 @@ static struct config_string ConfigureNamesString[] =
},
{
+ {"krb_srvname", PGC_POSTMASTER, CONN_AUTH_SECURITY,
+ gettext_noop("Sets the name of the Kerberos service."),
+ NULL
+ },
+ &pg_krb_srvnam,
+ PG_KRB_SRVNAM, NULL, NULL
+ },
+
+ {
{"bonjour_name", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
gettext_noop("Sets the Bonjour broadcast service name."),
NULL
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
index 0e88d4c5ed0..d54ae5fcfda 100644
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -64,8 +64,11 @@
#authentication_timeout = 60 # 1-600, in seconds
#ssl = false
#password_encryption = true
-#krb_server_keyfile = ''
#db_user_namespace = false
+# Kerberos
+#krb_server_keyfile = ''
+#krb_caseins_users = false
+#krb_srvname = 'postgres'
#---------------------------------------------------------------------------
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-03 07:30:12 +0000