Magnus Hagander <[EMAIL PROTECTED]> writes: > Another option would be not to call the kerberos code there at all. All > other authentication methods that take the userid externally (gssapi, > sspi, ident) require the user to specify the name to connect as if it's > different from the one in the operating system. I think that's a very > uncommon scenario in any case - almost everybody will be using whatever > userid is used in the system, when using Kerberos.
Hmm, that's an interesting alternative. I like it because it takes away some useless connection-startup overhead in the common case where you're using a Kerberos-enabled library but Kerberos isn't set up on the system. Another possible argument in favor is that it's bogus to ask Kerberos for the username unless the actual auth method is Kerberos --- which is something libpq can't know at that point. OTOH, that code was put in deliberately. It might be a good idea to troll the archives and see if we can find out the rationale for it. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers