Re: Postgres 8.1.x and MIT Kerberos 5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Greetings,
>  I was trying to build source build postgres 8.1.x with MIT 
> Kerberos 5 1.4.x implementation.
> The whole thing bombs out. After some digging, I had to hack 
> the autoconf script (configure.in) to properly account for 
> the way the libraries are built for 1.4.x. I don't know 
> whether an earlier post had the same issue. I think it boils 
> down to adding the 'libkrb5support' when all the krb5 libs 
> are checked in the configure script.

(This is better asked in -hackers, I htink, copying there)

What platform is this? I use it with krb5 1.4.3 on Linux (slackware)
without any modifications at all. Perhaps platform specific behaviour? 

The postmaster is linked to libkrb5support, but I only have "-lkrb5" in
my LIBS as generated by configure. However, if I do "ldd" on libkrb5.so
I see that one pulls in libkrb5support.


> On another note, is the kerberos authentication secure, I had 
> searched some old threads, where it was indicated the 
> principal is not checked by the db as a valid user. Is this 
> still the case?

The principal name is definitly checked by the db as a valid user, and
AFAIK it always has been (do you have a reference to where it says it
doesn't?)

The *REALM* is not checked, however. This can cause problems if you have
a multi-realm system (where the realms already trust each other, because
the KDC has to give out the service ticket) where you have the same
username existing in multiple realms representing different users. 

If you're in a single realm, it's definitly secure.

//Magnus


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux