On Tue, Jul 21, 2009 at 16:06, Tom Lane<t...@sss.pgh.pa.us> wrote: > Magnus Hagander <mag...@hagander.net> writes: >> On Tue, Jul 21, 2009 at 15:58, Tom Lane<t...@sss.pgh.pa.us> wrote: >>> Are you not describing a behavior that you yourself removed in 8.4, >>> ie the libpq code that looked aside at Kerberos for a username? > >> Yes, partially I am :-) > >> But it was not documented, and done in a fairly hackish way. If we >> want it, it should work the same for *all* external authentication >> methods (where it would be possible). > > Well, the problem with it of course was that it happened even when the > selected auth method was not Kerberos.
That was the core problem, yes. IIRC there were some other minor issues with it as well. >> Doing it on the client presents a certain challenge > > Yup, you would need a protocol change that would allow the client to > change its mind about what the username was after it got the auth > challenge. And then what effects does that have on username-sensitive > pg_hba.conf decisions? We go back and change our minds about the > challenge type, perhaps? The whole thing seems like a nonstarter to me. "challenge type"? Not sure I understand what you are referring to here. -- Magnus Hagander Self: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
