Case insensitive usernames
Today, usernames are case sensitive. This can cause some problems in for
example a kerberos environment (such as a Windows domain, in my case),
because the system usernames are case insensitive. So if I log in to my
workstation as "Maghag" I cannot connect to postgresql, because my
postgresql username is "maghag".
I would like to see a GUC variable to enable case insensitive usernames.
Would a patch for such a thing be accepted? (or if the functionality
alraedy exists, a pointer would be much appreciated)
//Magnus
"Magnus Hagander" <mha@sollentuna.net> writes:
I would like to see a GUC variable to enable case insensitive usernames.
Would a patch for such a thing be accepted?
No, not any more than it would be for any other SQL identifiers. See
(many, many) past threads.
regards, tom lane
I would like to see a GUC variable to enable case
insensitive usernames.
Would a patch for such a thing be accepted?
No, not any more than it would be for any other SQL identifiers. See
(many, many) past threads.
Yes, I've seen the many past threads on that ;-) I figured it might be
acceptable for just usernames.
Not sure if it's worth it ;-), but perhaps I should clearify what I
mean. I don't actually mean "case insensitive usernames". I mean
case-folding the username to lowercase once it has been received on the
server. Not sure if that makes a difference for you, but at least now
I've explained what I really meant.
Another way to help in this particular case would be to have libpq on
win32 only force-lowercase the username IF it was retreived from the
system (but not when manually specified). Then if this was done the
kerberos username-matching code would just have to be relaxed to be case
insensitive (which it really should be, because AFAIK kerberos is
supposed to be case insensitive), and the system itself can stay case
sensitive. (I still think a generic solution would be better, but this
would solve *my* problems and those of a couple of others I've heard of
who are running on win32)
Would this be acceptable instead?
//Magnus
Import Notes
Resolved by subject fallback
"Magnus Hagander" <mha@sollentuna.net> writes:
Another way to help in this particular case would be to have libpq on
win32 only force-lowercase the username IF it was retreived from the
system (but not when manually specified).
Well, I personally don't care how bizarrely the Win32 port behaves ;-)
so I won't complain if something like that happens. You should think
twice though about whether introducing this inconsistency is going to
be a net win, or whether it'll just move the confusion someplace else.
Then if this was done the
kerberos username-matching code would just have to be relaxed to be case
insensitive (which it really should be, because AFAIK kerberos is
supposed to be case insensitive),
This however bothers me; it seems like a potential security hole (create
kerberos principal FOO, use it to break into Foo's account). Or does
kerberos guarantee FOO and Foo are the same?
regards, tom lane
Another way to help in this particular case would be to
have libpq on
win32 only force-lowercase the username IF it was retreived
from the
system (but not when manually specified).
Well, I personally don't care how bizarrely the Win32 port
behaves ;-) so I won't complain if something like that
happens. You should think twice though about whether
introducing this inconsistency is going to be a net win, or
whether it'll just move the confusion someplace else.
Windows is case-insensitive to usernames. Always has been, and I really
don't think it's about to change considering M$'s deal with backwards
compatiblity. I doubt if this would surprise anybody - at least anybody
on the win32 platform.
Actualyl, what usually surprises people is that GetUserName() returns
the case of the username *as the user entered it at login*, and *NOT* as
the administrator entered it in the Active Directory. Which can be said
to be a bug depending on how you look at it, but from a "username is
case insensitive" perspective it doesn't matter.
Note that we wouldn't case-change a userid that is actually specified by
the user (in the connectino string, on the commandline to psql).
Then if this was done the
kerberos username-matching code would just have to be relaxed to be
case insensitive (which it really should be, because AFAIKkerberos is
supposed to be case insensitive),
This however bothers me; it seems like a potential security
hole (create kerberos principal FOO, use it to break into
Foo's account).
Actually, to be specific, if you case-fold it he could get into "foo"
but not "Foo".
Or does kerberos guarantee FOO and Foo are the same?
Did some further checking, and it turns out this depends on the KDC. All
KDCs are required to be case sensitive no the *REALM*. But I can't find
any documented requirements on the principal - just signs that different
KDCs treat it differently. Windows AD KDC for example is insensitive,
whereas I think it looks like MIT is case sensitive.
Which brings me back to thinking a GUC is the way to deal with that -
you'll definitly know what kind of KDC you have when you set up
Kerberos. But perhaps this GUC should be for "permit case-insensitive
kerberos principals" and not "case-insensitive usernames". And it would
just control the comparison between kerberos principal and user-supplied
username. The user-supplied username would still be what's used in any
access to the database, regardless of case.
Reasonable?
//Magnus
Import Notes
Resolved by subject fallback
"Magnus Hagander" <mha@sollentuna.net> writes:
Which brings me back to thinking a GUC is the way to deal with that -
you'll definitly know what kind of KDC you have when you set up
Kerberos. But perhaps this GUC should be for "permit case-insensitive
kerberos principals" and not "case-insensitive usernames". And it would
just control the comparison between kerberos principal and user-supplied
username. The user-supplied username would still be what's used in any
access to the database, regardless of case.
That would work for me as long as the default is case-sensitive; the
other seems too likely to be a security hazard. (And it had better be
documented that way, too: "DO NOT turn this on unless you are certain
you are using a case-insensitive KDC.")
What will we call the GUC? kerberos_case_insensitive_principals
seems a bit, um, verbose.
regards, tom lane
Which brings me back to thinking a GUC is the way to deal
with that -
you'll definitly know what kind of KDC you have when you set up
Kerberos. But perhaps this GUC should be for "permitcase-insensitive
kerberos principals" and not "case-insensitive usernames". And it
would just control the comparison between kerberos principal and
user-supplied username. The user-supplied username would still be
what's used in any access to the database, regardless of case.That would work for me as long as the default is
case-sensitive; the other seems too likely to be a security
hazard. (And it had better be documented that way, too: "DO
NOT turn this on unless you are certain you are using a
case-insensitive KDC.")
Fine with me - you'll need to tweak the default principal name anyway to
work with the windwos KDC, so you're giong there anyawy. It's just a
matter of documenting it.
What will we call the GUC? kerberos_case_insensitive_principals
seems a bit, um, verbose.
All other kerberos parameters are krb_ and not kerberos_, so that saves
a bit :) How about just "krb_case_insensitive"? Or "krb_case_ins_princ"?
//Magnus
Import Notes
Resolved by subject fallback