On Thu, May 28, 2009 at 1:30 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Peter Koczan <pjkoczan@gmail.com> writes:
>> It was rather convenient to know that whatever Kerberos principal was
>> used was going to be the database user.
>
> Isn't that still true? =A0(Modulo the auth.c bug fix of course.) =A0The o=
nly
> issue here is where the default guess for a not-explicitly-specified
> username comes from, not whether you'll be allowed to connect or not.
That's what I meant. It was convenient to have the default guess be
the Kerberos principal for krb5/gss connections. This is still the
case in the vast majority of connections, so it's probably not worth
bending over backwards to satisfy these edge cases.
Sorry for the confusion.
Peter