On Thu, Apr 22, 2021 at 1:55 AM Stephen Frost wrote:
> Greetings,
>
> * Daniel Carter (danielchriscarter+postg...@gmail.com) wrote:
> > On 21/04/2021 18:40, Stephen Frost wrote:
> > >I surely hope that the intent here is to use Negotiate / SPNEGO to
> > >authenticate the user who is connecting to
Greetings,
* Daniel Carter (danielchriscarter+postg...@gmail.com) wrote:
> On 21/04/2021 18:40, Stephen Frost wrote:
> >I surely hope that the intent here is to use Negotiate / SPNEGO to
> >authenticate the user who is connecting to the webserver and then have
> >credentials delegated (ideally thr
Hi Stephen,
On 21/04/2021 18:40, Stephen Frost wrote:
I surely hope that the intent here is to use Negotiate / SPNEGO to
authenticate the user who is connecting to the webserver and then have
credentials delegated (ideally through constrained credential
delegation..) to the web server by the use
Greetings,
* Daniel Carter (danielchriscarter+postg...@gmail.com) wrote:
> On 20/04/2021 20:01, Stephen Frost wrote:
> >I'm not necessarily against this, but typically the GSSAPI library
> >provides a way for you to control this using, eg, the KRB5_CCACHE
> >environment variable. Is there some re
On 2021-Apr-20, Daniel Carter wrote:
> +#ifdef ENABLE_GSS
> + {"ccache_name", NULL, NULL, NULL,
> + "Credential-cache-name", "", 64,
> + offsetof(struct pg_conn, ccache_name)},
> +#endif
I think it would be better that this option name includes "gss"
somewhere, and perhaps eve
Hi
On Tue, Apr 20, 2021 at 8:44 PM Daniel Carter <
danielchriscarter+postg...@gmail.com> wrote:
> Hi Stephen,
>
> On 20/04/2021 20:01, Stephen Frost wrote:
> > I'm not necessarily against this, but typically the GSSAPI library
> > provides a way for you to control this using, eg, the KRB5_CCACHE
On Tue, Apr 20, 2021 at 08:44:23PM +0100, Daniel Carter wrote:
> The original motivation for investigating this was setting up a web app
> which could authenticate to a database server using a Kerberos ticket. Since
> the web framework already needs to create a connection string (with database
> na
Hi Stephen,
On 20/04/2021 20:01, Stephen Frost wrote:
I'm not necessarily against this, but typically the GSSAPI library
provides a way for you to control this using, eg, the KRB5_CCACHE
environment variable. Is there some reason why that couldn't be used..?
The original motivation for invest
Greetings,
* Daniel Carter (danielchriscarter+postg...@gmail.com) wrote:
> This is a small patch (against master) to allow an application using libpq
> with GSSAPI authentication to specify where to fetch the credential cache
> from -- it effectively consists of a new field in PQconninfoOptions to
Hi Aleksander,
On 20/04/2021 11:30, Aleksander Alekseev wrote:
Hi Daniel,
It's my first go at submitting a patch -- it works as far as I can tell,
but I suspect there will probably still be stuff to fix before it's
ready to use!
You are doing great :)
Thanks for the encouragement!
There
Hi
On Tue, Apr 20, 2021 at 10:37 AM Daniel Carter <
danielchriscarter+postg...@gmail.com> wrote:
> Hi,
>
> This is a small patch (against master) to allow an application using
> libpq with GSSAPI authentication to specify where to fetch the
> credential cache from -- it effectively consists of a
Hi Daniel,
> It's my first go at submitting a patch -- it works as far as I can tell,
> but I suspect there will probably still be stuff to fix before it's
> ready to use!
You are doing great :)
> As far as I'm concerned this is working (the code compiles successfully
> following "./configure --
Hi,
This is a small patch (against master) to allow an application using
libpq with GSSAPI authentication to specify where to fetch the
credential cache from -- it effectively consists of a new field in
PQconninfoOptions to store this data and (where the user has specified a
ccache location)
13 matches
Mail list logo
