Re: BUG #13854: SSPI authentication failure: wrong realm name used
| От | Christian Ullrich |
|---|---|
| Тема | Re: BUG #13854: SSPI authentication failure: wrong realm name used |
| Дата | |
| Msg-id | n7blsf$g5n$1@ger.gmane.org обсуждение |
| Ответ на | Re: BUG #13854: SSPI authentication failure: wrong realm name used (Christian Ullrich <chris@chrullrich.net>) |
| Ответы |
Re: BUG #13854: SSPI authentication failure: wrong realm
name used
|
| Список | pgsql-hackers |
* Christian Ullrich wrote: > * Christian Ullrich wrote: > >> * Christian Ullrich wrote: >> >> > According to the release notes, the default for the "include_realm" >> > option in SSPI authentication was changed from off to on in 9.5 for > > > improved security. However, the authenticated user name, with the > > > option enabled, includes the NetBIOS domain name, *not* the Kerberos >> > realm name: > >> Below is a patch to correct this behavior. I suspect it has some >> serious compatibility issues, so I would appreciate feedback. > > Updated patch, sorry. The first one worked by accident only. Another update. This time even the documentation builds. One thing I'm fairly sure I need advice on is error handling and/or error codes. Right now I use ERROR_INVALID_ROLE_SPECIFICATION just about everywhere (because the surrounding SSPI code does as well), and that is probably not the best choice in some places. -- Christian
В списке pgsql-hackers по дате отправления: