Stephen Frost wrote: > Magnus, et al, > > * Magnus Hagander (mag...@hagander.net) wrote: >> Looking at the open item about the new error message shown when Kerberos >> is compiled in, and not used: >> assword: >> FATAL: password authentication failed for user "mha" >> psql: pg_krb5_init: krb5_cc_get_principal: No credentials cache found >> FATAL: password authentication failed for user "mha" > > That is annoying, I can understand that. > >> The reason this is happening is that we are initializing Kerberos even >> if we're not going to use it. The reason for doing *this*, is that if >> kerberos is compiled in, we use it to find out if we should try a >> different username than the one logged in to the local system - we look >> at the kerberos login. > > This made sense before we had mappings support because the only user you > could possibly be in PG is the one you authenticated as. > >> We don't do this for any other login, including kerberos over GSSAPI. >> AFAIK, we've heard no complaints. > > Well, I havn't moved all my systems to GSSAPI yet.. :) > >> Thoughts? > > Now that we have support for mappings, I expect it will be more common > for a user to authenticate with princ 'A' and then connect using their > Unix id 'B' to a PG user 'B'. As such, I'm alright with dropping > support for this. Users can always use -U (or equiv) if necessary.
I have applied this version of the patch. //Magnus -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
