aboutsummaryrefslogtreecommitdiff
path: root/src/backend/commands/explain.c
diff options
context:
space:
mode:
authorStephen Frost <sfrost@snowman.net>2015-05-08 19:39:42 -0400
committerStephen Frost <sfrost@snowman.net>2015-05-08 19:39:42 -0400
commit9a0884176fdfa51551d6a3b26fa0e1b216c3e4c2 (patch)
tree03c926d57b1be6a572fcfd0961da777476350d75 /src/backend/commands/explain.c
parentf91feba8776eb66008cdb73b3a8c0c7c08cc54d9 (diff)
downloadpostgresql-9a0884176fdfa51551d6a3b26fa0e1b216c3e4c2.tar.gz
postgresql-9a0884176fdfa51551d6a3b26fa0e1b216c3e4c2.zip
Change default for include_realm to 1
The default behavior for GSS and SSPI authentication methods has long been to strip the realm off of the principal, however, this is not a secure approach in multi-realm environments and the use-case for the parameter at all has been superseded by the regex-based mapping support available in pg_ident.conf. Change the default for include_realm to be '1', meaning that we do NOT remove the realm from the principal by default. Any installations which depend on the existing behavior will need to update their configurations (ideally by leaving include_realm set to 1 and adding a mapping in pg_ident.conf, but alternatively by explicitly setting include_realm=0 prior to upgrading). Note that the mapping capability exists in all currently supported versions of PostgreSQL and so this change can be done today. Barring that, existing users can update their configurations today to explicitly set include_realm=0 to ensure that the prior behavior is maintained when they upgrade. This needs to be noted in the release notes. Per discussion with Magnus and Peter.
Diffstat (limited to 'src/backend/commands/explain.c')
0 files changed, 0 insertions, 0 deletions