diff --git a/configure b/configure index 232015a862f8ce94f072fa6a9c0011f0e1ade2e4..3d33f8c796e5ea049c169a89a36650132170b198 100755 --- a/configure +++ b/configure @@ -869,7 +869,7 @@ Optional Packages: --with-python build Python modules (PL/Python) --with-krb4 build with Kerberos 4 support --with-krb5 build with Kerberos 5 support - --with-krb-srvnam=NAME name of the service principal in Kerberos [postgres] + --with-krb-srvnam=NAME name of the default service principal in Kerberos [postgres] --with-pam build with PAM support --with-bonjour build with Bonjour support --with-openssl build with OpenSSL support diff --git a/configure.in b/configure.in index 7338bb8fabb3971ea8c36dc5368b2756942f955b..2494a706de0f8928b8114bc1286a794809c77aa8 100644 --- a/configure.in +++ b/configure.in @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -dnl $PostgreSQL: pgsql/configure.in,v 1.411 2005/05/15 00:26:18 momjian Exp $ +dnl $PostgreSQL: pgsql/configure.in,v 1.412 2005/06/04 20:42:41 momjian Exp $ dnl dnl Developers, please strive to achieve this order: dnl @@ -447,11 +447,11 @@ AC_SUBST(krb_srvtab) # Kerberos configuration parameters # PGAC_ARG_REQ(with, krb-srvnam, - [ --with-krb-srvnam=NAME name of the service principal in Kerberos [[postgres]]], + [ --with-krb-srvnam=NAME name of the default service principal in Kerberos [[postgres]]], [], [with_krb_srvnam="postgres"]) AC_DEFINE_UNQUOTED([PG_KRB_SRVNAM], ["$with_krb_srvnam"], - [Define to the name of the PostgreSQL service principal in Kerberos. (--with-krb-srvnam=NAME)]) + [Define to the name of the default PostgreSQL service principal in Kerberos. (--with-krb-srvnam=NAME)]) # diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index 875c170a0485c295a8d6902b3fcd248c9c5e63b6..8439174b028d7824478adeb59de0623b9dffb9d1 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml 
@@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.79 2005/04/27 20:11:07 momjian Exp $ +$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.80 2005/06/04 20:42:41 momjian Exp $ --> <chapter id="client-authentication"> @@ -617,7 +617,7 @@ local db1,db2,@demodbs all md5 quite complex (yet powerful). The <ulink url="http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html"> Kerberos <acronym>FAQ</></ulink> or - <ulink url="ftp://athena-dist.mit.edu">MIT Project Athena</ulink> + <ulink url="http://web.mit.edu/kerberos/www/">MIT Kerberos page</ulink> can be a good starting point for exploration. Several sources for <productname>Kerberos</> distributions exist. </para> 
@@ -626,23 +626,29 @@ local db1,db2,@demodbs all md5 While <productname>PostgreSQL</> supports both Kerberos 4 and Kerberos 5, only Kerberos 5 is recommended. Kerberos 4 is considered insecure and no longer recommended for general - use. - </para> - - <para> - In order to use <productname>Kerberos</>, support for it must be - enabled at build time. See <xref linkend="installation"> for more - information. Both Kerberos 4 and 5 are supported, but only one - version can be supported in any one build. + use. Only one version of Kerberos can be supported in any one + build, and support must be enabled at build time. See + <xref linkend="installation"> for more information. </para> <para> <productname>PostgreSQL</> operates like a normal Kerberos service. The name of the service principal is - <literal><replaceable>servicename</>/<replaceable>hostname</>@<replaceable>realm</></literal>, where - <replaceable>servicename</> is <literal>postgres</literal> (unless a - different service name was selected at configure time with - <literal>./configure --with-krb-srvnam=whatever</>). + <literal><replaceable>servicename</>/<replaceable>hostname</>@<replaceable>realm</></literal>. + </para> + <para> + <replaceable>servicename</> can be set on the server side using the + <xref linkend="guc-krb-srvname"> configuration parameter, and on the + client side using the krbsrvname connection parameter. (See also <xref linkend="libpq-connect">.). The installation default can be changed from the default + <literal>postgres</literal> at build time using + <literal>./configure --with-krb-srvnam=whatever</>). In most environments, + this parameter never needs to be changed. However, to support multiple + <productname>PostgreSQL</> installations on the same host it is necessary. + Some Kerberos implementations may also require a different service name, + such as Microsoft Active Directory which requires the service name + to be in uppercase (<literal>POSTGRES</literal>). 
+ </para> + <para> <replaceable>hostname</> is the fully qualified host name of the server machine. The service principal's realm is the preferred realm of the server machine. @@ -658,12 +664,12 @@ local db1,db2,@demodbs all md5 </para> <para> - Make sure that your server key file is readable (and preferably + Make sure that your server keytab file is readable (and preferably only readable) by the <productname>PostgreSQL</productname> server account. (See also <xref linkend="postgres-user">.) The location of the key file is specified by the <xref linkend="guc-krb-server-keyfile"> configuration - parameter. (See also <xref linkend="runtime-config">.) The default + parameter. The default is <filename>/etc/srvtab</> if you are using Kerberos 4 and <filename>/usr/local/pgsql/etc/krb5.keytab</> (or whichever directory was specified as <varname>sysconfdir</> at build time) @@ -671,12 +677,13 @@ local db1,db2,@demodbs all md5 </para> <para> - To generate the keytab file, use for example (with version 5) + The keytab file is generated in the Kerberos system, see the + Kerberos documentation for details. The following example is + for MIT-compatible Kerberos 5 implementations: <screen> <prompt>kadmin% </><userinput>ank -randkey postgres/server.my.domain.org</> <prompt>kadmin% </><userinput>ktadd -k krb5.keytab postgres/server.my.domain.org</> </screen> - Read the <productname>Kerberos</> documentation for details. </para> <para> diff --git a/doc/src/sgml/installation.sgml b/doc/src/sgml/installation.sgml index cf27e37f3b280f51fee462fe5a5b873a776055a9..b772a23e583ce922ccde2e4a7b6b728d9df56f0d 100644 --- a/doc/src/sgml/installation.sgml +++ b/doc/src/sgml/installation.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/installation.sgml,v 1.233 2005/05/15 00:26:18 momjian Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/installation.sgml,v 1.234 2005/06/04 20:42:41 momjian Exp $ --> <chapter id="installation"> <title><![%standalone-include[<productname>PostgreSQL</>]]> 
@@ -816,8 +816,8 @@ su - postgres <term><option>--with-krb-srvnam=<replaceable>NAME</></option></term> <listitem> <para> - The name of the Kerberos service principal. - <literal>postgres</literal> is the default. There's probably no + The default name of the Kerberos service principal. + <literal>postgres</literal> is the default. There's usually no reason to change this. </para> </listitem> diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index a81dc9defcb55500c8f7ac29a2719378619b3d0c..8430a124298ec07a956e257695d2a0f7922a94b3 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.181 2005/05/30 19:32:44 momjian Exp $ +$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.182 2005/06/04 20:42:41 momjian Exp $ --> <chapter id="libpq"> @@ -279,6 +279,18 @@ PGconn *PQconnectdb(const char *conninfo); </listitem> </varlistentry> + <varlistentry> + <term><literal>krbsrvname</literal></term> + <listitem> + <para> + Kerberos service name to use when authenticating with Kerberos 4 or 5. + This must match the service name specified in the server + configuration for Kerberos authentication to succeed. (See also + <xref linkend="kerberos-auth">.) + </para> + </listitem> + </varlistentry> + <varlistentry> <term><literal>service</literal></term> <listitem> @@ -3770,6 +3782,15 @@ setting, and is only available if </listitem> <listitem> <para> +<indexterm> + <primary><envar>PGKRBSRVNAME</envar></primary> +</indexterm> +<envar>PGKRBSRVNAME</envar> sets the Kerberos service name to use when +authenticating with Kerberos 4 or 5. +</para> +</listitem> +<listitem> +<para> <indexterm> <primary><envar>PGCONNECT_TIMEOUT</envar></primary> </indexterm> diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index d5c76830baad7b836650c00e489531d8806d1c8f..e1ffd22c5a8494b4ba34450114e69aaf4cd71a7a 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml 
@@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.321 2005/05/25 02:56:15 neilc Exp $ +$PostgreSQL: pgsql/doc/src/sgml/runtime.sgml,v 1.322 2005/06/04 20:42:41 momjian Exp $ --> <chapter Id="runtime"> @@ -955,11 +955,39 @@ SET ENABLE_SEQSCAN TO OFF; <listitem> <para> Sets the location of the Kerberos server key file. See - <xref linkend="kerberos-auth"> for details. + <xref linkend="kerberos-auth"> for details. This parameter + can only be set at server start. </para> </listitem> </varlistentry> + <varlistentry id="guc-krb-srvname" xreflabel="krb_srvname"> + <term><varname>krb_srvname</varname> (<type>string</type>)</term> + <indexterm> + <primary><varname>krb_srvname</> configuration parameter</primary> + </indexterm> + <listitem> + <para> + Sets the Kerberos service name. See <xref linkend="kerberos-auth"> + for details. This parameter can only be set at server start. + </para> + </listitem> + </varlistentry> + + <varlistentry id="guc-krb-caseins-users" xreflabel="krb_caseins_users"> + <term><varname>krb_caseins_users</varname> (<type>boolean</type>)</term> + <indexterm> + <primary><varname>krb_caseins_users</varname> configuration parameter</primary> + </indexterm> + <listitem> + <para> + Sets if Kerberos usernames should be treated case-insensitive. + The default is off (case sensitive). This parameter can only be + set at server start. + </para> + </listitem> + </varlistentry> + <varlistentry id="guc-db-user-namespace" xreflabel="db_user_namespace"> <term><varname>db_user_namespace</varname> (<type>boolean</type>)</term> <indexterm> diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index b941ccd50304988f952f325a56e872a0ca4a38d9..7970f817561bbac85eac1ef6ecfa07932674bb2f 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c 
@@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.123 2005/02/22 04:35:57 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.124 2005/06/04 20:42:42 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -41,6 +41,8 @@ static char *recv_password_packet(Port *port); static int recv_and_check_password_packet(Port *port); char *pg_krb_server_keyfile; +char *pg_krb_srvnam; +bool pg_krb_caseins_users; #ifdef USE_PAM #ifdef HAVE_PAM_PAM_APPL_H @@ -99,7 +101,7 @@ pg_krb4_recvauth(Port *port) status = krb_recvauth(krbopts, port->sock, &clttkt, - PG_KRB_SRVNAM, + pg_krb_srvnam, instance, &port->raddr.in, &port->laddr.in, @@ -219,16 +221,16 @@ pg_krb5_init(void) return STATUS_ERROR; } - retval = krb5_sname_to_principal(pg_krb5_context, NULL, PG_KRB_SRVNAM, + retval = krb5_sname_to_principal(pg_krb5_context, NULL, pg_krb_srvnam, KRB5_NT_SRV_HST, &pg_krb5_server); if (retval) { ereport(LOG, (errmsg("Kerberos sname_to_principal(\"%s\") returned error %d", - PG_KRB_SRVNAM, retval))); + pg_krb_srvnam, retval))); com_err("postgres", retval, "while getting server principal for service \"%s\"", - PG_KRB_SRVNAM); + pg_krb_srvnam); krb5_kt_close(pg_krb5_context, pg_krb5_keytab); krb5_free_context(pg_krb5_context); return STATUS_ERROR; @@ -264,7 +266,7 @@ pg_krb5_recvauth(Port *port) return ret; retval = krb5_recvauth(pg_krb5_context, &auth_context, - (krb5_pointer) & port->sock, PG_KRB_SRVNAM, + (krb5_pointer) & port->sock, "postgres", pg_krb5_server, 0, pg_krb5_keytab, &ticket); if (retval) { 
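Review bot: The literal `"postgres"` now passed as the fourth argument of `krb5_recvauth()` in pg_krb5_recvauth() is the sendauth application-version string, not a service name, and nothing at the call site says so. The same literal is repeated in the `krb5_sendauth()` call in src/interfaces/libpq/fe-auth.c, and the two must stay identical or the exchange is rejected. A comment such as `/* appl_version for sendauth/recvauth, not the service name; must match fe-auth.c */` at both call sites, or one shared macro, would keep a later edit from changing only one side. Because the old value was PG_KRB_SRVNAM, builds configured with a non-default --with-krb-srvnam presumably stop interoperating with peers built before this change, which deserves a release note. The function body starts and ends outside the hunk.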
@@ -303,7 +305,11 @@ pg_krb5_recvauth(Port *port) } kusername = pg_an_to_ln(kusername); - if (strncmp(port->user_name, kusername, SM_DATABASE_USER)) + if (pg_krb_caseins_users) + ret = strncasecmp(port->user_name, kusername, SM_DATABASE_USER); + else + ret = strncmp(port->user_name, kusername, SM_DATABASE_USER); + if (ret) { ereport(LOG, (errmsg("unexpected Kerberos user name received from client (received \"%s\", expected \"%s\")", diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 7f89276b612afa46a0c77254106e695df6cbd507..3d57509548f46ff74dcefd832050192b7caa83e1 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -10,7 +10,7 @@ * Written by Peter Eisentraut <peter_e@gmx.net>. * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.263 2005/05/27 18:33:30 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.264 2005/06/04 20:42:42 momjian Exp $ * *-------------------------------------------------------------------- */ @@ -63,6 +63,9 @@ #ifndef PG_KRB_SRVTAB #define PG_KRB_SRVTAB "" #endif +#ifndef PG_KRB_SRVNAM +#define PG_KRB_SRVNAM "" +#endif #define CONFIG_FILENAME "postgresql.conf" #define HBA_FILENAME "pg_hba.conf" @@ -860,6 +863,15 @@ static struct config_bool ConfigureNamesBool[] = #endif }, + { + {"krb_caseins_users", PGC_POSTMASTER, CONN_AUTH_SECURITY, + gettext_noop("Sets if Kerberos user names should be treated case insensitive."), + NULL + }, + &pg_krb_caseins_users, + false, NULL, NULL + }, + /* End-of-list marker */ { {NULL, 0, 0, NULL, NULL}, NULL, false, NULL, NULL @@ -1572,6 +1584,15 @@ static struct config_string ConfigureNamesString[] = PG_KRB_SRVTAB, NULL, NULL }, + { + {"krb_srvname", PGC_POSTMASTER, CONN_AUTH_SECURITY, + gettext_noop("Sets the name of the Kerberos service."), + NULL + }, + &pg_krb_srvnam, + PG_KRB_SRVNAM, NULL, NULL + }, + { {"bonjour_name", PGC_POSTMASTER, CONN_AUTH_SETTINGS, gettext_noop("Sets the Bonjour broadcast service name."), 
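Review bot: The new case-insensitive branch in pg_krb5_recvauth() calls `strncasecmp()`, whose case folding follows the process locale, so the same pair of names can pass or fail this authentication check depending on the server's locale (Turkish dotless i is the usual example). The frontend half of this commit already uses the tree's own `pg_tolower()`; the matching call here would be `ret = pg_strncasecmp(port->user_name, kusername, SM_DATABASE_USER);`. The branch also reuses `ret`, which earlier in the function holds a status code, as a comparison result; a separate local would be clearer. The rest of the function is outside the hunk, so how `ret` is used afterwards is not visible here.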
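Review bot: The `krb_caseins_users` entry passes `NULL` as its long description, although turning the option on relaxes an authentication check: per the auth.c change, principals whose names differ only in letter case are then accepted for the same database user. I would state that consequence in the entry itself, e.g. `gettext_noop("When on, Kerberos principals that differ only in letter case map to the same database user.")` in place of the `NULL`.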
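Review bot: `krb_srvname` is registered with no assign hook (`NULL, NULL`), so an empty value is accepted and reaches `krb5_sname_to_principal()` and `krb_recvauth()` in auth.c unchecked. The `#ifndef PG_KRB_SRVNAM` fallback added in the earlier hunk of this file even makes `""` the default when the build did not define the macro. A wrong or empty name would presumably only surface later as a failed principal lookup or keytab mismatch, which is hard to diagnose. Either reject an empty string in an assign hook, or have pg_krb5_init() log and fail early with a guard like `if (pg_krb_srvnam == NULL || pg_krb_srvnam[0] == '\0') return STATUS_ERROR;`.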
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample index 0e88d4c5ed09b4536699fc012f2e7304b2dba5ed..d54ae5fcfda19ffc4616e912d53ef99ad982448e 100644 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -64,8 +64,11 @@ #authentication_timeout = 60 # 1-600, in seconds #ssl = false #password_encryption = true -#krb_server_keyfile = '' #db_user_namespace = false +# Kerberos +#krb_server_keyfile = '' +#krb_caseins_users = false +#krb_srvname = 'postgres' #--------------------------------------------------------------------------- diff --git a/src/include/libpq/auth.h b/src/include/libpq/auth.h index 3aef036078fb1b2c796aea832d683a7f3c6449d6..b8fd25eb64f6c9620d1b8b90efb1bbacc71b5924 100644 --- a/src/include/libpq/auth.h +++ b/src/include/libpq/auth.h @@ -7,7 +7,7 @@ * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/include/libpq/auth.h,v 1.26 2004/12/31 22:03:32 pgsql Exp $ + * $PostgreSQL: pgsql/src/include/libpq/auth.h,v 1.27 2005/06/04 20:42:42 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -27,5 +27,7 @@ extern void ClientAuthentication(Port *port); #define PG_KRB5_VERSION "PGVER5.1" extern char *pg_krb_server_keyfile; +extern char *pg_krb_srvnam; +extern bool pg_krb_caseins_users; #endif /* AUTH_H */ diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index 51a13907bb0d7d9865b89ddde26c59d8226398c4..da29557e9271f2373354ddaa7bea53699d370209 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in 
@@ -602,7 +602,7 @@ /* Define to the version of this package. */ #undef PACKAGE_VERSION -/* Define to the name of the PostgreSQL service principal in Kerberos. +/* Define to the name of the default PostgreSQL service principal in Kerberos. (--with-krb-srvnam=NAME) */ #undef PG_KRB_SRVNAM @@ -635,6 +635,9 @@ /* Define to 1 to build with assertion checks. (--enable-cassert) */ #undef USE_ASSERT_CHECKING +/* Define to 1 to build with Bonjour support. (--with-bonjour) */ +#undef USE_BONJOUR + /* Define to 1 if you want 64-bit integer timestamp and interval support. (--enable-integer-datetimes) */ #undef USE_INTEGER_DATETIMES @@ -645,9 +648,6 @@ /* Define to 1 to build with PAM support. (--with-pam) */ #undef USE_PAM -/* Define to 1 to build with Bonjour support. (--with-bonjour) */ -#undef USE_BONJOUR - /* Use replacement snprintf() functions. */ #undef USE_SNPRINTF diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index 0dda34401bb1a48196fc646a2cb1567f0da7ea59..6624df1ad0a09b69a67a20a8919dc22f53072072 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -10,7 +10,7 @@ * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes). * * IDENTIFICATION - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.100 2005/03/25 00:34:28 tgl Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.101 2005/06/04 20:42:43 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -196,7 +196,8 @@ static int pg_krb4_sendauth(char *PQerrormsg, int sock, struct sockaddr_in * laddr, struct sockaddr_in * raddr, - const char *hostname) + const char *hostname, + const char *servicename) { long krbopts = 0; /* one-way authentication */ KTEXT_ST clttkt; @@ -216,7 +217,7 @@ pg_krb4_sendauth(char *PQerrormsg, int sock, status = krb_sendauth(krbopts, sock, &clttkt, - PG_KRB_SRVNAM, + servicename, hostname, realm, (u_long) 0, 
@@ -260,6 +261,10 @@ pg_krb4_sendauth(char *PQerrormsg, int sock, * provide an aname mapping database...it may be a better idea to use * krb5_an_to_ln, except that it punts if multiple components are found, * and we can't afford to punt. + * + * For WIN32, convert username to lowercase because the Win32 kerberos library + * generates tickets with the username as the user entered it instead of as + * it is entered in the directory. */ static char * pg_an_to_ln(char *aname) @@ -268,6 +273,11 @@ pg_an_to_ln(char *aname) if ((p = strchr(aname, '/')) || (p = strchr(aname, '@'))) *p = '\0'; +#ifdef WIN32 + for (p = aname; *p ; p++) + *p = pg_tolower(*p); +#endif + return aname; } @@ -360,7 +370,7 @@ pg_krb5_authname(char *PQerrormsg) * the server */ static int -pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname) +pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *servicename) { krb5_error_code retval; int ret; @@ -379,7 +389,7 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname) if (ret != STATUS_OK) return ret; - retval = krb5_sname_to_principal(pg_krb5_context, hostname, PG_KRB_SRVNAM, + retval = krb5_sname_to_principal(pg_krb5_context, hostname, servicename, KRB5_NT_SRV_HST, &server); if (retval) { @@ -405,7 +415,7 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname) } retval = krb5_sendauth(pg_krb5_context, &auth_context, - (krb5_pointer) & sock, PG_KRB_SRVNAM, + (krb5_pointer) & sock, "postgres", pg_krb5_client, server, AP_OPTS_MUTUAL_REQUIRED, NULL, 0, /* no creds, use ccache instead */ @@ -602,7 +612,7 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname, if (pg_krb4_sendauth(PQerrormsg, conn->sock, (struct sockaddr_in *) & conn->laddr.addr, (struct sockaddr_in *) & conn->raddr.addr, - hostname) != STATUS_OK) + hostname, conn->krbsrvname) != STATUS_OK) { /* PQerrormsg already filled in */ pgunlock_thread(); 
@@ -620,7 +630,7 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname, #ifdef KRB5 pglock_thread(); if (pg_krb5_sendauth(PQerrormsg, conn->sock, - hostname) != STATUS_OK) + hostname, conn->krbsrvname) != STATUS_OK) { /* PQerrormsg already filled in */ pgunlock_thread(); diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 15bcf5f911bbec3906c1b26d90bf12027243db3c..05899450237f8d3345306702c26bf8b727976452 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.306 2005/05/05 16:40:42 momjian Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.307 2005/06/04 20:42:43 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -170,6 +170,12 @@ static const PQconninfoOption PQconninfoOptions[] = { {"sslmode", "PGSSLMODE", DefaultSSLMode, NULL, "SSL-Mode", "", 8}, /* sizeof("disable") == 8 */ +#if defined(KRB4) || defined(KRB5) + /* Kerberos authentication supports specifying the service name */ + {"krbsrvname", "PGKRBSRVNAME", PG_KRB_SRVNAM, NULL, + "Kerberos-service-name", "", 20}, +#endif + /* Terminating entry --- MUST BE LAST */ {NULL, NULL, NULL, NULL, NULL, NULL, 0} @@ -393,6 +399,10 @@ connectOptions1(PGconn *conn, const char *conninfo) conn->sslmode = strdup("require"); } #endif +#if defined(KRB4) || defined(KRB5) + tmp = conninfo_getval(connOptions, "krbsrvname"); + conn->krbsrvname = tmp ? strdup(tmp) : NULL; +#endif /* * Free the option info - all is in conn now @@ -2074,6 +2084,10 @@ freePGconn(PGconn *conn) free(conn->pgpass); if (conn->sslmode) free(conn->sslmode); +#if defined(KRB4) || defined(KRB5) + if (conn->krbsrvname) + free(conn->krbsrvname); +#endif /* Note that conn->Pfdebug is not ours to close or free */ notify = conn->notifyHead; while (notify != NULL) 
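Review bot: In connectOptions1() the result of `strdup(tmp)` is stored in `conn->krbsrvname` without a check, and fe_sendauth() in fe-auth.c passes that pointer straight to pg_krb4_sendauth() and pg_krb5_sendauth(). If the allocation fails, the Kerberos code receives NULL as the service name; MIT Kerberos documents that `krb5_sname_to_principal()` then falls back to the `host` service, so the client would request a ticket for a different principal instead of reporting out of memory. The neighbouring `sslmode` assignment follows the same unchecked pattern, so this is consistent with the existing code. A guard in pg_krb5_sendauth() such as `if (servicename == NULL) return STATUS_ERROR;` (after filling PQerrormsg) would make the failure explicit. connectOptions1() starts and ends outside the hunk.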
diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h index 9862e01bc91aefe0f05a6b565974cb79b46fcaab..e4692d5d5f63666563a57fecad25ed650e024215 100644 --- a/src/interfaces/libpq/libpq-int.h +++ b/src/interfaces/libpq/libpq-int.h @@ -12,7 +12,7 @@ * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.100 2005/01/06 00:59:47 tgl Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.101 2005/06/04 20:42:43 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -261,6 +261,9 @@ struct pg_conn char *pguser; /* Postgres username and password, if any */ char *pgpass; char *sslmode; /* SSL mode (require,prefer,allow,disable) */ +#if defined(KRB5) || defined(KRB4) + char *krbsrvname; /* Kerberos service name */ +#endif /* Optional file to write trace info to */ FILE *Pfdebug;