Skip to content

Commit

Permalink
Merge pull request #990 from lib/krbsrvname
Browse files Browse the repository at this point in the history
use krbsrvname for GSS auth; improve GSS docs
  • Loading branch information
maddyblue authored Jul 27, 2020
2 parents 984a6aa + bb1e32b commit e7751f5
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 10 deletions.
5 changes: 1 addition & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,7 @@
* Unix socket support
* Notifications: `LISTEN`/`NOTIFY`
* pgpass support

## Optional Features

* GSS (Kerberos) auth (to use, see GoDoc)
* GSS (Kerberos) auth

## Tests

Expand Down
8 changes: 4 additions & 4 deletions conn.go
Original file line number Diff line number Diff line change
Expand Up @@ -1074,9 +1074,9 @@ func isDriverSetting(key string) bool {
return true
case "binary_parameters":
return true
case "service":
case "krbsrvname":
return true
case "spn":
case "krbspn":
return true
default:
return false
Expand Down Expand Up @@ -1168,13 +1168,13 @@ func (cn *conn) auth(r *readBuf, o values) {

var token []byte

if spn, ok := o["spn"]; ok {
if spn, ok := o["krbspn"]; ok {
// Use the supplied SPN if provided..
token, err = cli.GetInitTokenFromSpn(spn)
} else {
// Allow the kerberos service name to be overridden
service := "postgres"
if val, ok := o["service"]; ok {
if val, ok := o["krbsrvname"]; ok {
service = val
}

Expand Down
9 changes: 7 additions & 2 deletions doc.go
Original file line number Diff line number Diff line change
Expand Up @@ -57,8 +57,6 @@ supported:
* sslkey - Key file location. The file must contain PEM encoded data.
* sslrootcert - The location of the root certificate file. The file
must contain PEM encoded data.
* spn - Configures GSS (Kerberos) SPN.
* service - GSS (Kerberos) service name to use when constructing the SPN (default is `postgres`).
Valid values for sslmode are:
Expand Down Expand Up @@ -259,5 +257,12 @@ package:
This package is in a separate module so that users who don't need Kerberos
don't have to download unnecessary dependencies.
When imported, additional connection string parameters are supported:
* krbsrvname - GSS (Kerberos) service name when constructing the
SPN (default is `postgres`). This will be combined with the host
to form the full SPN: `krbsrvname/host`.
* krbspn - GSS (Kerberos) SPN. This takes priority over
`krbsrvname` if present.
*/
package pq

0 comments on commit e7751f5

Please sign in to comment.