On Mon, Feb 24, 2014 at 12:55 PM, Stephen Frost <sfrost@xxxxxxxxxxx> wrote: > * Brian Crowell (brian@xxxxxxxxxx) wrote: >> https://github.com/npgsql/Npgsql/issues/162#issuecomment-35916650 > > Reading through this- can't you use GSSAPI to get the Kerberos princ > found the ticket which is constructed? I'm pretty sure the MIT > libraries support that, at least... I expected I might be able to do that on Linux, but right now I'm trying to work out the Windows non-domain case. > Just as with .k5login, they do *not* have to match, but if they don't > then there needs to be a mapping provided from the Kerberos princ to the > PG username. Check out pg_ident and note that it even supports > regexp's, so you may be able to construct a mapping such that the princ > is mixed case and the login works- provided you send the lowercase'd > username as the PG user to log in as. Unfortunately, in this case I don't even have a wrong-cased username to start with. I have the user name of the logged-in non-domain user, which is not the user name of the domain credentials I'm sending across the network. >> I think Postgres should either not require or ignore the user name in the >> startup packet for these two login types. What do you think? > > We need the username to figure out which auth method we're using... Oh dear. --Brian -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
