Hi, I have some code that I've been using in production that supports adding and authenticating Windows groups via the pg_ident file. It has a new indicator (+), that signifies the identifier is a Windows group, as in the following example:
# MAPNAME SYSTEM-USERNAME PG-USERNAME "Users" "+User group" postgres A new function was added to test if a user token is in the windows group: /* * Check if the user (sspiToken) is a member of the specified group */ static BOOL sspi_user_is_in_group(HANDLE sspiToken, LPCTSTR groupName) I wanted to share this as a patch for the latest, as soon as I port it to v12. Does this sound reasonable? thanks, Russell
