Merge pull request #990 from lib/krbsrvname

use krbsrvname for GSS auth; improve GSS docs

Author: maddyblue

README.md

@@ -19,10 +19,7 @@
 * Unix socket support
 * Notifications: `LISTEN`/`NOTIFY`
 * pgpass support
-
-## Optional Features
-
-* GSS (Kerberos) auth (to use, see GoDoc)
+* GSS (Kerberos) auth
 
 ## Tests
 

conn.go

@@ -1074,9 +1074,9 @@ func isDriverSetting(key string) bool {
 		return true
 	case "binary_parameters":
 		return true
-	case "service":
+	case "krbsrvname":
 		return true
-	case "spn":
+	case "krbspn":
 		return true
 	default:
 		return false
@@ -1168,13 +1168,13 @@ func (cn *conn) auth(r *readBuf, o values) {
 
 		var token []byte
 
-		if spn, ok := o["spn"]; ok {
+		if spn, ok := o["krbspn"]; ok {
 			// Use the supplied SPN if provided..
 			token, err = cli.GetInitTokenFromSpn(spn)
 		} else {
 			// Allow the kerberos service name to be overridden
 			service := "postgres"
-			if val, ok := o["service"]; ok {
+			if val, ok := o["krbsrvname"]; ok {
 				service = val
 			}
 

doc.go

@@ -57,8 +57,6 @@ supported:
 	* sslkey - Key file location. The file must contain PEM encoded data.
 	* sslrootcert - The location of the root certificate file. The file
 	  must contain PEM encoded data.
-	* spn - Configures GSS (Kerberos) SPN.
-	* service - GSS (Kerberos) service name to use when constructing the SPN (default is `postgres`).
 
 Valid values for sslmode are:
 
@@ -259,5 +257,12 @@ package:
 This package is in a separate module so that users who don't need Kerberos
 don't have to download unnecessary dependencies.
 
+When imported, additional connection string parameters are supported:
+
+	* krbsrvname - GSS (Kerberos) service name when constructing the
+	  SPN (default is `postgres`). This will be combined with the host
+	  to form the full SPN: `krbsrvname/host`.
+	* krbspn - GSS (Kerberos) SPN. This takes priority over
+	  `krbsrvname` if present.
 */
 package pq