On Tue, Jul 21, 2009 at 15:58, Tom Lane<t...@sss.pgh.pa.us> wrote: > Magnus Hagander <mag...@hagander.net> writes: >> That said, if there is a username specified it should not be ignored. >> But if there is none specified, it should work. This works "reasonably >> well" today, in that we pick the username up from the environment. But >> I can see cases where it would be a lot more useful to have it instead >> pick up the username from the authentication system, since they may >> differ. > > Are you not describing a behavior that you yourself removed in 8.4, > ie the libpq code that looked aside at Kerberos for a username?
Yes, partially I am :-) But it was not documented, and done in a fairly hackish way. If we want it, it should work the same for *all* external authentication methods (where it would be possible). Doing it on the client presents a certain challenge when it comes to certificates for example - or really in any case where you need to map the username to something else. It would be quite convenient to have that ability controlled from the server side. We'd have to have some way to communicate down that the username specified was the default one and not a user-specified one (or we're back at overriding), but if the actual mapping could be controlled server-side it would be a lot more convenient. -- Magnus Hagander Self: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
