Skip site navigation (1) Skip section navigation (2)

Re: BUG #5559: Full SSL verification fails when hostaddr provided

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Christopher Head <chris2k01(at)hotmail(dot)com>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided
Date: 2010-07-14 19:20:09
Message-ID: 10950.1279135209@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-bugs
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> I've never found a reason to use hostaddr, so I don't particularly care,
> but it doesn't seem right to break Kerberos auth if you were only given
> an IP address unless hostaddr's entire point is that it will prevent a
> DNS lookup from happening, ever.

Well, given your description we *can't* prevent Kerberos auth from doing
a synchronous reverse-DNS lookup.  So the question is why did that test
get put in, back in 2005?  I have no objection to removing it if that
doesn't lead to crashing, but ...

			regards, tom lane

In response to

Responses

pgsql-bugs by date

Next:From: Stephen FrostDate: 2010-07-14 21:28:05
Subject: Re: BUG #5559: Full SSL verification fails when hostaddrprovided
Previous:From: Stephen FrostDate: 2010-07-14 18:32:40
Subject: Re: BUG #5559: Full SSL verification fails when hostaddrprovided

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group