mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make it possible to change Kerberos/GSSAPI parameters without restarting

Browse Source 
the postmaster. They are only used in backend processes, so it's just
a matter of re-labeling the GUCs.
This commit is contained in:
Magnus Hagander 2009-01-02 10:33:20 +00:00
parent bdcc7576f4
commit a27addbc87
2 changed files with 12 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
doc/src/sgml/config.sgml
View File

@ -1,4 +1,4 @@
<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.200 2008/12/13 19:13:43 tgl Exp $ --> <!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.201 2009/01/02 10:33:19 mha Exp $ -->
<chapter Id="runtime-config"> <chapter Id="runtime-config">
<title>Server Configuration</title> <title>Server Configuration</title>
@ -621,8 +621,7 @@ SET ENABLE_SEQSCAN TO OFF;
<para> <para>
Sets the realm to match Kerberos, GSSAPI and SSPI user names against. Sets the realm to match Kerberos, GSSAPI and SSPI user names against.
See <xref linkend="kerberos-auth">, <xref linkend="gssapi-auth"> or See <xref linkend="kerberos-auth">, <xref linkend="gssapi-auth"> or
<xref linkend="sspi-auth"> for details. This parameter can only be <xref linkend="sspi-auth"> for details.
set at server start.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -636,7 +635,7 @@ SET ENABLE_SEQSCAN TO OFF;
<para> <para>
Sets the location of the Kerberos server key file. See Sets the location of the Kerberos server key file. See
<xref linkend="kerberos-auth"> or <xref linkend="gssapi-auth"> <xref linkend="kerberos-auth"> or <xref linkend="gssapi-auth">
for details. This parameter can only be set at server start. for details.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -649,7 +648,7 @@ SET ENABLE_SEQSCAN TO OFF;
<listitem> <listitem>
<para> <para>
Sets the Kerberos service name. See <xref linkend="kerberos-auth"> Sets the Kerberos service name. See <xref linkend="kerberos-auth">
for details. This parameter can only be set at server start. for details.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -666,7 +665,7 @@ SET ENABLE_SEQSCAN TO OFF;
the complete service principal, that is the complete service principal, that is
<varname>krb_srvname</><literal>/</><varname>krb_server_hostname</><literal>@</>REALM. <varname>krb_srvname</><literal>/</><varname>krb_server_hostname</><literal>@</>REALM.
If not set, the default is the server host name. See <xref linkend="kerberos-auth"> If not set, the default is the server host name. See <xref linkend="kerberos-auth">
for details. This parameter can only be set at server start. for details.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -680,8 +679,7 @@ SET ENABLE_SEQSCAN TO OFF;
<para> <para>
Sets whether Kerberos and GSSAPI user names should be treated Sets whether Kerberos and GSSAPI user names should be treated
case-insensitively. case-insensitively.
The default is <literal>off</> (case sensitive). This parameter The default is <literal>off</> (case sensitive).
can only be set at server start.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>

12
src/backend/utils/misc/guc.c
View File

@ -10,7 +10,7 @@
* Written by Peter Eisentraut <peter_e@gmx.net>. * Written by Peter Eisentraut <peter_e@gmx.net>.
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.486 2009/01/02 02:02:10 tgl Exp $ * $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.487 2009/01/02 10:33:20 mha Exp $
* *
*-------------------------------------------------------------------- *--------------------------------------------------------------------
*/ */
@ -1144,7 +1144,7 @@ static struct config_bool ConfigureNamesBool[] =
}, },
{ {
{"krb_caseins_users", PGC_POSTMASTER, CONN_AUTH_SECURITY, {"krb_caseins_users", PGC_SIGHUP, CONN_AUTH_SECURITY,
gettext_noop("Sets whether Kerberos and GSSAPI user names should be treated as case-insensitive."), gettext_noop("Sets whether Kerberos and GSSAPI user names should be treated as case-insensitive."),
NULL NULL
}, },
@ -2123,7 +2123,7 @@ static struct config_string ConfigureNamesString[] =
}, },
{ {
{"krb_realm", PGC_POSTMASTER, CONN_AUTH_SECURITY, {"krb_realm", PGC_SIGHUP, CONN_AUTH_SECURITY,
gettext_noop("Sets realm to match Kerberos and GSSAPI users against."), gettext_noop("Sets realm to match Kerberos and GSSAPI users against."),
NULL, NULL,
GUC_SUPERUSER_ONLY GUC_SUPERUSER_ONLY
@ -2133,7 +2133,7 @@ static struct config_string ConfigureNamesString[] =
}, },
{ {
{"krb_server_keyfile", PGC_POSTMASTER, CONN_AUTH_SECURITY, {"krb_server_keyfile", PGC_SIGHUP, CONN_AUTH_SECURITY,
gettext_noop("Sets the location of the Kerberos server key file."), gettext_noop("Sets the location of the Kerberos server key file."),
NULL, NULL,
GUC_SUPERUSER_ONLY GUC_SUPERUSER_ONLY
@ -2143,7 +2143,7 @@ static struct config_string ConfigureNamesString[] =
}, },
{ {
{"krb_srvname", PGC_POSTMASTER, CONN_AUTH_SECURITY, {"krb_srvname", PGC_SIGHUP, CONN_AUTH_SECURITY,
gettext_noop("Sets the name of the Kerberos service."), gettext_noop("Sets the name of the Kerberos service."),
NULL NULL
}, },
@ -2152,7 +2152,7 @@ static struct config_string ConfigureNamesString[] =
}, },
{ {
{"krb_server_hostname", PGC_POSTMASTER, CONN_AUTH_SECURITY, {"krb_server_hostname", PGC_SIGHUP, CONN_AUTH_SECURITY,
gettext_noop("Sets the hostname of the Kerberos server."), gettext_noop("Sets the hostname of the Kerberos server."),
NULL NULL
}, },