Hello, I am using krb5 authorization and have a problem with the mangling of krb5 principal names. E.g. on authentication, the principals 'foo/[EMAIL PROTECTED]' and 'foo/[EMAIL PROTECTED]' will be both rewritten to the local username 'foo', which is completely unwanted and might be a security problem.
In the archives, I read that this happens because '/' and '@' are forbidden characters for usernames. An authname-to-username mapping table was a proposed solutions, but although the discussion[1] was some time ago in 2002, I can not find such a thing in recent postgresql 7.4.2. When the authname -> username table would be too complicated to implement, would it be possible to use something like OpenLDAP's 'sasl-regexp' feature? E.g. in postgresql.conf it could be written | sasl-regexp "([^/]*)/[EMAIL PROTECTED]" "$1_www_XYZ_ORG" | sasl-regexp "([^/]*)/[EMAIL PROTECTED]" "$1_mail_ABC_COM" which maps the principals above into valid SQL usernames. Enrico Footnotes: [1] http://groups.google.com/groups?&selm=8149.1021471997%40sss.pgh.pa.us ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
