<!--
-$PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.325 2005/06/13 02:40:06 neilc Exp $
+$PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.326 2005/06/14 17:43:12 momjian Exp $
-->
<chapter Id="runtime">
<listitem>
<para>
Sets the Kerberos service name. See <xref linkend="kerberos-auth">
- for details. This parameter can only be set at server start.
+ for details. This parameter can only be set at server start.
</para>
</listitem>
</varlistentry>
- <varlistentry id="guc-krb-caseins-users" xreflabel="krb_caseins_users">
- <term><varname>krb_caseins_users</varname> (<type>boolean</type>)</term>
- <indexterm>
- <primary><varname>krb_caseins_users</varname> configuration parameter</primary>
+ <varlistentry id="guc-krb-caseins-users" xreflabel="krb_caseins_users">
+ <term><varname>krb_caseins_users</varname> (<type>boolean</type>)</term>
+ <indexterm>
+ <primary><varname>krb_caseins_users</varname> configuration parameter</primary>
</indexterm>
- <listitem>
- <para>
- Sets if Kerberos usernames should be treated case-insensitive.
- The default is off (case sensitive). This parameter can only be
- set at server start.
+ <listitem>
+ <para>
+ Sets if Kerberos usernames should be treated case-insensitive.
+ The default is off (case sensitive). This parameter can only be
+ set at server start.
</para>
- </listitem>
- </varlistentry>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="guc-krb-server-hostname" xreflabel="krb_server_hostname">
+ <term><varname>krb_server_hostname</varname> (<type>string</type>)</term>
+ <indexterm>
+ <primary><varname>krb_server_hostname</> configuration parameter</primary>
+ </indexterm>
+ <listitem>
+ <para>
+ Sets the hostname part of the service principal.
+ This, combined with <varname>krb_srvname</>, is used to generate
+ the complete service principal, i.e.
+ <varname>krb_server_hostname</><literal>/</><varname>krb_server_hostname</><literal>@</>REALM.
+ </para>
+ <para>
+ If not set, the default is to allow any service principal matching an entry
+ in the keytab. See <xref linkend="kerberos-auth"> for details.
+ This parameter can only be set at server start.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry id="guc-db-user-namespace" xreflabel="db_user_namespace">
<term><varname>db_user_namespace</varname> (<type>boolean</type>)</term>
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.124 2005/06/04 20:42:42 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.125 2005/06/14 17:43:13 momjian Exp $
*
*-------------------------------------------------------------------------
*/
char *pg_krb_server_keyfile;
char *pg_krb_srvnam;
bool pg_krb_caseins_users;
+char *pg_krb_server_hostname = NULL;
#ifdef USE_PAM
#ifdef HAVE_PAM_PAM_APPL_H
return STATUS_ERROR;
}
- retval = krb5_sname_to_principal(pg_krb5_context, NULL, pg_krb_srvnam,
- KRB5_NT_SRV_HST, &pg_krb5_server);
- if (retval)
+ if (pg_krb_server_hostname)
{
- ereport(LOG,
- (errmsg("Kerberos sname_to_principal(\"%s\") returned error %d",
- pg_krb_srvnam, retval)));
- com_err("postgres", retval,
- "while getting server principal for service \"%s\"",
- pg_krb_srvnam);
- krb5_kt_close(pg_krb5_context, pg_krb5_keytab);
- krb5_free_context(pg_krb5_context);
- return STATUS_ERROR;
- }
+ retval = krb5_sname_to_principal(pg_krb5_context,
+ pg_krb_server_hostname, pg_krb_srvnam,
+ KRB5_NT_SRV_HST, &pg_krb5_server);
+ if (retval)
+ {
+ ereport(LOG,
+ (errmsg("Kerberos sname_to_principal(\"%s\") returned error %d",
+ pg_krb_srvnam, retval)));
+ com_err("postgres", retval,
+ "while getting server principal for service \"%s\"",
+ pg_krb_srvnam);
+ krb5_kt_close(pg_krb5_context, pg_krb5_keytab);
+ krb5_free_context(pg_krb5_context);
+ return STATUS_ERROR;
+ }
+ } else
+ pg_krb5_server = NULL;
pg_krb5_initialised = 1;
return STATUS_OK;
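Review bot: The new `else` branch leaves `pg_krb5_server` as NULL whenever `krb_server_hostname` is unset, so in the default configuration `pg_krb_srvnam` is no longer used to build a principal at all; the documentation added in this commit describes that case as allowing any service principal matching an entry in the keytab. That is a wider acceptance rule than the removed call, which always derived a principal from `pg_krb_srvnam`, and it matters when the keytab is shared with other services, so the branch deserves a comment such as `/* no hostname configured: leave the principal NULL so any keytab entry is accepted; krb_srvname is not enforced here */`. The test `if (pg_krb_server_hostname)` also treats an empty string as a configured hostname; if the setting can arrive as `''` (the GUC handling is outside this hunk), `if (pg_krb_server_hostname && pg_krb_server_hostname[0] != '\0')` would keep that case on the default path. The failure log still prints only `pg_krb_srvnam`, and adding the hostname would make a misconfigured principal easier to diagnose. The enclosing function starts and ends outside the hunk.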
* Written by Peter Eisentraut <peter_e@gmx.net>.
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.264 2005/06/04 20:42:42 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.265 2005/06/14 17:43:13 momjian Exp $
*
*--------------------------------------------------------------------
*/
PG_KRB_SRVNAM, NULL, NULL
},
+ {
+ {"krb_server_hostname", PGC_POSTMASTER, CONN_AUTH_SECURITY,
+ gettext_noop("Sets the hostname of the Kerberos server."),
+ NULL
+ },
+ &pg_krb_server_hostname,
+ NULL, NULL, NULL
+ },
+
{
{"bonjour_name", PGC_POSTMASTER, CONN_AUTH_SETTINGS,
gettext_noop("Sets the Bonjour broadcast service name."),
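Review bot: The description string `"Sets the hostname of the Kerberos server."` in the new `krb_server_hostname` entry can be read as the address of the KDC, whereas the runtime.sgml text in this commit defines the setting as the hostname part of the service principal; `gettext_noop("Sets the hostname part of the Kerberos service principal.")` would match the documentation. The same documentation hunk spells the complete principal as `krb_server_hostname/krb_server_hostname@REALM`, where the first component is presumably meant to be `krb_srvname`, and an administrator creating keytab entries from that text would be misled. The option table this entry belongs to starts and ends outside the hunk.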
*
* Copyright (c) 2000-2005, PostgreSQL Global Development Group
*
- * $PostgreSQL: pgsql/src/bin/psql/tab-complete.c,v 1.130 2005/05/25 22:12:05 momjian Exp $
+ * $PostgreSQL: pgsql/src/bin/psql/tab-complete.c,v 1.131 2005/06/14 17:43:14 momjian Exp $
*/
/*----------------------------------------------------------------------
"geqo_selection_bias",
"geqo_threshold",
"join_collapse_limit",
- "krb_server_keyfile",
"lc_messages",
"lc_monetary",
"lc_numeric",
* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/include/libpq/auth.h,v 1.27 2005/06/04 20:42:42 momjian Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/auth.h,v 1.28 2005/06/14 17:43:14 momjian Exp $
*
*-------------------------------------------------------------------------
*/
extern char *pg_krb_server_keyfile;
extern char *pg_krb_srvnam;
extern bool pg_krb_caseins_users;
+extern char *pg_krb_server_hostname;
#endif /* AUTH_H */