From 35e2e357cb054dc9e5d890fe754c56f0722f015e Mon Sep 17 00:00:00 2001
From: Magnus Hagander
Date: Fri, 8 Apr 2016 20:23:52 +0200
Subject: Add authentication parameters compat_realm and upn_usename for SSPI

These parameters are available for SSPI authentication only, to make
it possible to make it behave more like "normal gssapi", while
making it possible to maintain compatibility.

compat_realm is on by default, but can be turned off to make the
authentication use the full Kerberos realm instead of the NetBIOS name.

upn_username is off by default, and can be turned on to return the users
Kerberos UPN rather than the SAM-compatible name (a user in Active
Directory can have both a legacy SAM-compatible username and a new
Kerberos one. Normally they are the same, but not always)

Author: Christian Ullrich
Reviewed by: Robbie Harwood, Alvaro Herrera, me
---
 src/include/libpq/hba.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/include/libpq')

diff --git a/src/include/libpq/hba.h b/src/include/libpq/hba.h
index 58f90fec80d..dc7d2572eaa 100644
--- a/src/include/libpq/hba.h
+++ b/src/include/libpq/hba.h
@@ -79,6 +79,8 @@ typedef struct HbaLine
 	bool		clientcert;
 	char	   *krb_realm;
 	bool		include_realm;
+	bool		compat_realm;
+	bool		upn_username;
 	char	   *radiusserver;
 	char	   *radiussecret;
 	char	   *radiusidentifier;
-- 
cgit v1.2.3