From ee3980ebf3713bd977385d4250eab6231f53cc8f Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Wed, 27 May 2009 22:12:53 +0000
Subject: [PATCH] Improve release note explanation of the change in libpq's
 handling of default usernames versus Kerberos tickets.  Per confusion about
 what bug #4824 was really about.

---
 doc/src/sgml/release-8.4.sgml | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/doc/src/sgml/release-8.4.sgml b/doc/src/sgml/release-8.4.sgml
index c7c22fe856f..a567afffb7d 100644
--- a/doc/src/sgml/release-8.4.sgml
+++ b/doc/src/sgml/release-8.4.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.4.sgml,v 1.6 2009/05/14 22:17:28 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/release-8.4.sgml,v 1.7 2009/05/27 22:12:53 tgl Exp $ -->
 <!-- See header comment in release.sgml about typical markup -->
 
  <sect1 id="release-8-4">
@@ -2703,12 +2703,18 @@
 
       <listitem>
        <para>
-        Make Kerberos connections use the same method to determine the
-        username of the client as all other authentication methods (Magnus)
+        Do not rely on Kerberos tickets to determine the default database
+        username (Magnus)
        </para>
 
        <para>
-        Previously a special Kerberos-only API was used.
+        Previously, a Kerberos-capable build of libpq would use the
+        principal name from any available Kerberos ticket as default
+        database username, even if the connection wasn't using Kerberos
+        authentication.  This was deemed inconsistent and confusing.
+        The default username is now determined the same way with or
+        without Kerberos.  Note however that the database username must still
+        match the ticket when Kerberos authentication is used.
        </para>
       </listitem>
      </itemizedlist>
-- 
GitLab