Tom Lane <[EMAIL PROTECTED]> writes: > Orion Henry <[EMAIL PROTECTED]> writes: > > It appears to be faulting on a kerberos call which is odd because I > > don't use kerberos for anything. > > I was a bit surprised to realize that if you compile Kerberos support at > all, libpq will try to get a user name from Kerberos in preference to > using getpwuid(). This strikes me as odd and surprising behavior. > There's certainly no security reason for it, since we are only getting > a default user name that can be trivially overridden.
Harumph. I reported this about a year ago: http://archives.postgresql.org/pgsql-general/2002-12/msg00740.php I'm not sure it can be fixed by just not setting the default username though. In fact I think there's something a little backwards about deciding on a default username in advance and then trying various authentication methods. In my case I have a kerberos principal [EMAIL PROTECTED] and a local username of "stark". It seems like it should try to do the kerberos authentication as username "gsstark" (or even "[EMAIL PROTECTED]" since the realm is significant). And if that fails, then it should try to log in as "stark" using unix userid authentication. The only fear I have with that direction is that it makes things a bit unpredictable. I could see it being weird having scripts randomly fail because they logged in as the wrong user if the tickets happened to have expired or the network goes down. -- greg ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
