On Wed, Jul 22, 2009 at 8:57 AM, Magnus Hagandermag...@hagander.net wrote:
On Wed, Jul 22, 2009 at 14:53, Tom Lanet...@sss.pgh.pa.us wrote:
Magnus Hagander mag...@hagander.net writes:
Yup, you would need a protocol change that would allow the client to
change its mind about what the username
On Tue, Jul 21, 2009 at 16:06, Tom Lanet...@sss.pgh.pa.us wrote:
Magnus Hagander mag...@hagander.net writes:
On Tue, Jul 21, 2009 at 15:58, Tom Lanet...@sss.pgh.pa.us wrote:
Are you not describing a behavior that you yourself removed in 8.4,
ie the libpq code that looked aside at Kerberos for
Magnus Hagander mag...@hagander.net writes:
Yup, you would need a protocol change that would allow the client to
change its mind about what the username was after it got the auth
challenge. And then what effects does that have on username-sensitive
pg_hba.conf decisions? We go back and
On Wed, Jul 22, 2009 at 14:53, Tom Lanet...@sss.pgh.pa.us wrote:
Magnus Hagander mag...@hagander.net writes:
Yup, you would need a protocol change that would allow the client to
change its mind about what the username was after it got the auth
challenge. And then what effects does that have
Sorry for jumping late into this discussion, but I've been out sailing
for a couple of weeks and stayed away from email :-)
On Mon, Jun 29, 2009 at 21:01, Stephen Frostsfr...@snowman.net wrote:
* Lars Kanis (ka...@comcard.de) wrote:
The problem I have, is that I want to use an ordinary windows
Magnus Hagander mag...@hagander.net writes:
That said, if there is a username specified it should not be ignored.
But if there is none specified, it should work. This works reasonably
well today, in that we pick the username up from the environment. But
I can see cases where it would be a lot
On Tue, Jul 21, 2009 at 15:58, Tom Lanet...@sss.pgh.pa.us wrote:
Magnus Hagander mag...@hagander.net writes:
That said, if there is a username specified it should not be ignored.
But if there is none specified, it should work. This works reasonably
well today, in that we pick the username up
Magnus Hagander mag...@hagander.net writes:
On Tue, Jul 21, 2009 at 15:58, Tom Lanet...@sss.pgh.pa.us wrote:
Are you not describing a behavior that you yourself removed in 8.4,
ie the libpq code that looked aside at Kerberos for a username?
Yes, partially I am :-)
But it was not documented,
Am Dienstag, 21. Juli 2009 16:01:01 schrieben Sie:
Doing it on the client presents a certain challenge when it comes to
certificates for example - or really in any case where you need to map
the username to something else. It would be quite convenient to have
that ability controlled from the
Am Montag, 29. Juni 2009 18:12:13 schrieben Sie:
Lars Kanis ka...@comcard.de writes:
The problem I have, is that I want to use an ordinary windows
application, which connects to an arbitrary ODBC data source. This
application stores a fixed username und password for the connection
within
# MAPNAME SYSTEM-USERNAMEPG-USERNAME EFFECTIVE-USERNAME
gssapi-user/^(.*)@domain\.com$simple-role \1
gssapi-user/^use...@domain\.com$ super-roleuser_a
gssapi-user/^use...@domain\.com$ super-roleuser_c
My fault. The lower lines should be:
gssapi-user
Hi all,
this patch adds the possibility to map the login-rolename to a different
rolename actually used for permissions.
What is it used for?
I'm working with smartcard based TLS-authentication to connect to the PG
server. Authentication is done with the keys and certificates from the card
Lars Kanis ka...@comcard.de writes:
this patch adds the possibility to map the login-rolename to a different
rolename actually used for permissions.
This seems like an ugly addition with a very narrow use case. Can't
you accomplish what you want with the existing usermap facility?
Am Montag, 29. Juni 2009 16:26:56 schrieben Sie:
Lars Kanis ka...@comcard.de writes:
this patch adds the possibility to map the login-rolename to a different
rolename actually used for permissions.
This seems like an ugly addition with a very narrow use case. Can't
you accomplish what you
Lars Kanis ka...@comcard.de writes:
The problem I have, is that I want to use an ordinary windows application,
which connects to an arbitrary ODBC data source. This application stores a
fixed username und password for the connection within it's own binary data
file. It doesn't know anything
Lars,
* Lars Kanis (ka...@comcard.de) wrote:
The problem I have, is that I want to use an ordinary windows application,
which connects to an arbitrary ODBC data source. This application stores a
fixed username und password for the connection within it's own binary data
file. It doesn't
16 matches
Mail list logo
