Re: BUG #13782: gss auth with libpq does not include realm by default
From | Stephen Frost |
---|---|
Subject | Re: BUG #13782: gss auth with libpq does not include realm by default |
Date | |
Msg-id | 20151123213002.GI3685@tamriel.snowman.net |
In reply to | BUG #13782: gss auth with libpq does not include realm by default (jkew@tableau.com) |
List | pgsql-bugs |
John,

* jkew@tableau.com (jkew@tableau.com) wrote:
> The following bug has been logged on the website:
>
> Bug reference: 13782
> Logged by: John Kew
> Email address: jkew@tableau.com
> PostgreSQL version: 9.5beta1
> Operating system: Windows 7
> Description:
>
> Recently a change was made to set include_realm=1 by default. This is
> sensible.
>
> Clients and drivers using libpq, however, default to sending just the
> username w/o the realm, leading to a gss username error in these
> configurations.

That's not exactly correct. libpq does not determine the username to send to the server based on the auth method chosen by the server. The username is chosen based on what the OS tells libpq the local username is.

> You can force psql and postgres-odbc to use a specific username which
> includes the realm; but it would be useful if libpq had the same default as
> the server and sent the current realm by default e.g: joe@realm.com.

Note that the username sent is the PG user to log in as. If libpq sent this then there would have to exist a 'joe@realm.com' user in the PG database. That's certainly possible to do with PG, but, in my view at least, it comes across a bit like having unix users named 'joe@realm.com', which isn't typical.

> Seems like a minor thing; but it means you can share the same connection
> string configuration between users for when postgres is configured the
> recommended way.

The recommendation is to use include_realm=1, but that doesn't imply that users in the database should be 'joe@realm.com'- that's a completely different consideration.

I would suggest you refer to pg_ident.conf and the mapping capabilities available there to see how you can have a 'joe' unix/Windows user, a 'joe' PG user, and have include_realm=1 by having a mapping in pg_ident.conf which allows the system-identified user of 'joe@realm.com' to connect as the PG user 'joe'.

Thanks!

Stephen
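Added example, not part of the original message: a server-side configuration sketch of the pg_ident.conf mapping described in the reply above. The map name `gssmap`, the client address range and the realm spelling are assumptions chosen for illustration; the pattern has to match the principal exactly as the server receives it.

```conf
# ---- pg_hba.conf ---------------------------------------------------------
# With include_realm=1 the authenticated system user is the full principal,
# e.g. joe@realm.com. Without a map, that string must equal the requested
# PG user name, so a client asking for PG user "joe" is rejected.
#
# TYPE  DATABASE  USER  ADDRESS        METHOD  OPTIONS
# (no map: joe@realm.com requesting PG user "joe" fails)
#host   all       all   192.0.2.0/24   gss     include_realm=1

# Same rule with a user name map attached (map name is hypothetical).
host    all       all   192.0.2.0/24   gss     include_realm=1 map=gssmap

# ---- pg_ident.conf -------------------------------------------------------
# MAPNAME  SYSTEM-USERNAME        PG-USERNAME
#
# A leading "/" makes SYSTEM-USERNAME a regular expression; \1 in the
# PG-USERNAME column is replaced by the first capture group.
# The realm is anchored in the pattern, so only principals from this one
# realm are mapped; joe@other.example does not become PG user "joe".
gssmap     /^(.*)@realm\.com$     \1

# A fixed one-to-one entry is also possible when only specific principals
# should be allowed to connect as a given PG user:
#gssmap    joe@realm.com          joe
```

With this in place the client keeps sending the plain OS user name `joe`, and no `joe@realm.com` role is needed in the database. Reload the server configuration after editing either file.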