Hi On Tue, Apr 20, 2021 at 10:37 AM Daniel Carter < danielchriscarter+postg...@gmail.com> wrote:
> Hi, > > This is a small patch (against master) to allow an application using > libpq with GSSAPI authentication to specify where to fetch the > credential cache from -- it effectively consists of a new field in > PQconninfoOptions to store this data and (where the user has specified a > ccache location) a call into the gss_krb5_ccache_name function in the > GSSAPI library. > The pgAdmin team would love to have this feature. It would greatly simplify management of multiple connections from different users. > > It's my first go at submitting a patch -- it works as far as I can tell, > but I suspect there will probably still be stuff to fix before it's > ready to use! > > As far as I'm concerned this is working (the code compiles successfully > following "./configure --with-gssapi --enable-cassert", and seems to > work for specifying the ccache location without any noticeable errors). > > I hope there shouldn't be anything platform-specific here (I've been > working on Ubuntu Linux but the only interactions with external > applications are via the GSSAPI library, which was already in use). > > The dispsize value for ccache_name is 64 in this code (which seems to be > what's used with other file-path-like parameters in the existing code) > but I'm happy to have this corrected if it needs a different value -- as > far as I can tell this is just for display purposes rather than anything > critical in terms of actually storing the value? > > If no ccache_name is specified in the connection string then it defaults > to NULL, which means the gss_krb5_ccache_name call is not made and the > current behaviour (of letting the GSSAPI library work out the location > of the ccache) is not changed. > > Many thanks, > Daniel > > -- Dave Page Blog: https://pgsnake.blogspot.com Twitter: @pgsnake EDB: https://www.enterprisedb.com
