* Magnus Hagander (mha@xxxxxxxxxxxxxx) wrote: > The *REALM* is not checked, however. This can cause problems if you have > a multi-realm system (where the realms already trust each other, because > the KDC has to give out the service ticket) where you have the same > username existing in multiple realms representing different users. This brings up the issue again that it'd be nice to be able to have what amounts to a '.k5login' in PostgreSQL somehow. Ideally, this would be something an idividual user could set up but at good first step would be to have something along the lines of pg_ident.conf for Kerberos connections where the admin could implement a mapping. We should probably also have a configurable option to check the realm or to not check the realm. I'd like to look into doing this for 8.2 but, as usual, I'm not sure I'll have time. Anyone else looking into this? Thanks, Stephen
Attachment:
signature.asc
Description: Digital signature
