Hi, this is a two-part patch against 7.4.5 that makes configurable the value currently fixed by the #defined constant PG_KRB_SRVNAM (the service-name part of the Kerberos principal the server uses).
On the backend it can be configured by the (new) string option krb_srvnam in postgresql.conf. On the client it can be configured by setting the environment variable PGKRBSRVNAM. The default setting (for both) is the value given by PG_KRB_SRVNAM mentioned above.
diff -uNr postgresql-7.4.5/src/backend/libpq/auth.c postgresql-7.4.5-mod/src/backend/libpq/auth.c --- postgresql-7.4.5/src/backend/libpq/auth.c 2003-12-20 19:25:02.000000000 +0100 +++ postgresql-7.4.5-mod/src/backend/libpq/auth.c 2004-09-25 12:58:32.000000000 +0200 @@ -41,6 +41,7 @@ static int recv_and_check_password_packet(Port *port); char *pg_krb_server_keyfile; +char *pg_krb_srvnam; #ifdef USE_PAM #ifdef HAVE_PAM_PAM_APPL_H @@ -99,7 +100,7 @@ status = krb_recvauth(krbopts, port->sock, &clttkt, - PG_KRB_SRVNAM, + pg_krb_srvnam, instance, &port->raddr.in, &port->laddr.in, @@ -216,16 +217,16 @@ return STATUS_ERROR; } - retval = krb5_sname_to_principal(pg_krb5_context, NULL, PG_KRB_SRVNAM, + retval = krb5_sname_to_principal(pg_krb5_context, NULL, pg_krb_srvnam, KRB5_NT_SRV_HST, &pg_krb5_server); if (retval) { ereport(LOG, (errmsg("Kerberos sname_to_principal(\"%s\") returned error %d", - PG_KRB_SRVNAM, retval))); + pg_krb_srvnam, retval))); com_err("postgres", retval, "while getting server principal for service \"%s\"", - PG_KRB_SRVNAM); + pg_krb_srvnam); krb5_kt_close(pg_krb5_context, pg_krb5_keytab); krb5_free_context(pg_krb5_context); return STATUS_ERROR; @@ -261,7 +262,7 @@ return ret; retval = krb5_recvauth(pg_krb5_context, &auth_context, - (krb5_pointer) & port->sock, PG_KRB_SRVNAM, + (krb5_pointer) & port->sock, pg_krb_srvnam, pg_krb5_server, 0, pg_krb5_keytab, &ticket); if (retval) { diff -uNr postgresql-7.4.5/src/backend/utils/misc/guc.c postgresql-7.4.5-mod/src/backend/utils/misc/guc.c --- postgresql-7.4.5/src/backend/utils/misc/guc.c 2004-08-11 23:10:52.000000000 +0200 +++ postgresql-7.4.5-mod/src/backend/utils/misc/guc.c 2004-09-25 11:47:45.000000000 +0200 @@ -59,6 +59,9 @@ #ifndef PG_KRB_SRVTAB #define PG_KRB_SRVTAB "" #endif +#ifndef PG_KRB_SRVNAM +#define PG_KRB_SRVNAM "" +#endif #ifdef EXEC_BACKEND #define CONFIG_EXEC_PARAMS "global/config_exec_params" 
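Review bot: In the `@@ -261,7 +262,7 @@` hunk of auth.c, the fourth argument of `krb5_recvauth()` is the application version string, not a service name, so the configurable value now does double duty. It names the service principal (via `krb5_sname_to_principal` in the `@@ -216,16 +217,16 @@` hunk) and it is the tag compared during the sendauth/recvauth exchange. A client whose `PGKRBSRVNAM` differs from the server's `krb_srvnam` should therefore be rejected at that comparison as well as at ticket lookup, which fails closed but is not obvious from the code. I would add a comment above the call such as `/* pg_krb_srvnam is also the sendauth application version; client and server must agree */`, or keep the constant `PG_KRB_SRVNAM` for this argument on both sides so that only the principal varies. The enclosing functions start and end outside the hunks.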
@@ -1375,6 +1378,15 @@ }, { + {"krb_srvnam", PGC_POSTMASTER, CONN_AUTH_SECURITY, + gettext_noop("Sets the name of the Postgres server Kerberos service."), + NULL + }, + &pg_krb_srvnam, + PG_KRB_SRVNAM, NULL, NULL + }, + + { {"rendezvous_name", PGC_POSTMASTER, CONN_AUTH_SETTINGS, gettext_noop("Sets the Rendezvous broadcast service name."), NULL diff -uNr postgresql-7.4.5/src/include/libpq/auth.h postgresql-7.4.5-mod/src/include/libpq/auth.h --- postgresql-7.4.5/src/include/libpq/auth.h 2003-08-04 04:40:13.000000000 +0200 +++ postgresql-7.4.5-mod/src/include/libpq/auth.h 2004-09-25 12:13:05.000000000 +0200 @@ -27,5 +27,6 @@ #define PG_KRB5_VERSION "PGVER5.1" extern char *pg_krb_server_keyfile; +extern char *pg_krb_srvnam; #endif /* AUTH_H */
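Review bot: The new `krb_srvnam` entry in the `@@ -1375,6 +1378,15 @@` hunk of guc.c passes `NULL, NULL` for its hooks, so any string from postgresql.conf, including an empty one, is accepted and handed unchecked to the Kerberos calls in auth.c. The `#ifndef PG_KRB_SRVNAM` fallback in the first guc.c hunk also makes `""` the default wherever the macro is not defined; presumably that only happens in builds without Kerberos, but it is worth confirming. I would add an assign hook that rejects an empty value when Kerberos support is compiled in. The description string should also say that the server keytab must hold a key for `<krb_srvnam>/<hostname>` and that clients must be configured with the same name.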
diff -uNr postgresql-7.4.5/src/interfaces/libpq/fe-auth.c postgresql-7.4.5-mod/src/interfaces/libpq/fe-auth.c --- postgresql-7.4.5/src/interfaces/libpq/fe-auth.c 2003-12-20 19:46:02.000000000 +0100 +++ postgresql-7.4.5-mod/src/interfaces/libpq/fe-auth.c 2004-09-25 12:22:26.000000000 +0200 @@ -116,6 +116,7 @@ /* for some reason, this is not defined in krb.h ... */ extern char *tkt_string(void); +static char *pg_krb_srvnam; /* * pg_krb4_init -- initialization performed before any Kerberos calls are made @@ -145,6 +146,11 @@ (void) snprintf(tktbuf, sizeof(tktbuf), "[EMAIL PROTECTED]", tkt_string(), realm); krb_set_tkt_string(tktbuf); } + + pg_krb_srvnam = getenv("PGKRBSRVNAM"); + if (pg_krb_srvnam == NULL) { + pg_krb_srvnam = PG_KRB_SRVNAM; + } } /* @@ -216,7 +222,7 @@ status = krb_sendauth(krbopts, sock, &clttkt, - PG_KRB_SRVNAM, + pg_krb_srvnam, hostname, realm, (u_long) 0, @@ -278,6 +284,7 @@ static krb5_ccache pg_krb5_ccache; static krb5_principal pg_krb5_client; static char *pg_krb5_name; +static char *pg_krb_srvnam; static int @@ -333,6 +340,11 @@ pg_krb5_name = pg_an_to_ln(pg_krb5_name); + pg_krb_srvnam = getenv("PGKRBSRVNAM"); + if (pg_krb_srvnam == NULL) { + pg_krb_srvnam = PG_KRB_SRVNAM; + } + pg_krb5_initialised = 1; return STATUS_OK; } @@ -370,7 +382,7 @@ if (ret != STATUS_OK) return ret; - retval = krb5_sname_to_principal(pg_krb5_context, hostname, PG_KRB_SRVNAM, + retval = krb5_sname_to_principal(pg_krb5_context, hostname, pg_krb_srvnam, KRB5_NT_SRV_HST, &server); if (retval) { @@ -397,7 +409,7 @@ } retval = krb5_sendauth(pg_krb5_context, &auth_context, - (krb5_pointer) & sock, PG_KRB_SRVNAM, + (krb5_pointer) & sock, pg_krb_srvnam, pg_krb5_client, server, AP_OPTS_MUTUAL_REQUIRED, NULL, 0, /* no creds, use ccache instead */
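Review bot: Both init hunks in fe-auth.c (`@@ -145,6 +146,11 @@` for krb4 and `@@ -333,6 +340,11 @@` for krb5) store the pointer returned by `getenv("PGKRBSRVNAM")` in a file-scope static and use it later in `krb_sendauth`, `krb5_sname_to_principal` and `krb5_sendauth`. That pointer can be invalidated if the application later calls `setenv`/`putenv`, and a set-but-empty variable yields `""` as the service name instead of the default. Copying the value and treating empty as unset avoids both: `const char *e = getenv("PGKRBSRVNAM");` then `pg_krb_srvnam = (e && *e) ? strdup(e) : PG_KRB_SRVNAM;`, with a check for a failed `strdup`. This name selects the server principal the client mutually authenticates (`AP_OPTS_MUTUAL_REQUIRED` in the last hunk), so it should be documented with libpq's other environment variables. That documentation should mention that the krb5 value, which is read just before `pg_krb5_initialised = 1`, appears to be fixed for the life of the process; the init functions themselves start outside the hunks.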
The use of this is mainly if several different users want to run their own instance of postgresql on the same machine. Regards Daniel Ahlin