"Magnus Hagander" <mha@sollentuna.net> writes:
> Which brings me back to thinking a GUC is the way to deal with that -
> you'll definitly know what kind of KDC you have when you set up
> Kerberos. But perhaps this GUC should be for "permit case-insensitive
> kerberos principals" and not "case-insensitive usernames". And it would
> just control the comparison between kerberos principal and user-supplied
> username. The user-supplied username would still be what's used in any
> access to the database, regardless of case.
That would work for me as long as the default is case-sensitive; the
other seems too likely to be a security hazard. (And it had better be
documented that way, too: "DO NOT turn this on unless you are certain
you are using a case-insensitive KDC.")
What will we call the GUC? kerberos_case_insensitive_principals
seems a bit, um, verbose.
regards, tom lane