The following bug has been logged online:
Bug reference: 4824
Logged by: Peter Koczan
Email address: pjkoczan@gmail.com
PostgreSQL version: 8.4beta2
Operating system: Red Hat Enterprise Linux 5.3
Description: KRB5/GSSAPI authentication fails when user != principal
Details:
When authenticating with Kerberos/GSSAPI, if the Kerberos principal is not
the same as the shell user, authentication fails. For instance, as root (for
local fs access) with other tickets (for database and network fs access).
Note: runauth is our homegrown utility to get stashed kerberos tickets.
[root@mitchell ~]# /s/std/bin/runauth -a -l postgres
/s/postgresql-8.4-beta/bin/psql -h mitchell -p 49173 postgres
psql: FATAL: role "root" does not exist
It appears to assume that the shell user is the user to connect as. However,
using an 8.3 client works as previously expected.
[root@mitchell ~]# /s/std/bin/runauth -a -l postgres
/s/postgresql-8.3/bin/psql -h mitchell -p 49173 postgres
Welcome to psql 8.3.6 (server 8.4beta2), the PostgreSQL interactive
terminal.
...
postgres=# select current_role;
current_user
--------------
postgres
(1 row)
This is a difference on the client side.
Even if this is newly expected behavior, it is a change and I could not find
any reference to it in the release notes.
Peter