Re: BUG #5559: Full SSL verification fails when hostaddr provided

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Christopher Head <chris2k01(at)hotmail(dot)com>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided
Date: 2010-07-14 19:20:09
Message-ID: 10950.1279135209@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Stephen Frost <sfrost(at)snowman(dot)net> writes:
> I've never found a reason to use hostaddr, so I don't particularly care,
> but it doesn't seem right to break Kerberos auth if you were only given
> an IP address unless hostaddr's entire point is that it will prevent a
> DNS lookup from happening, ever.

Well, given your description we *can't* prevent Kerberos auth from doing
a synchronous reverse-DNS lookup. So the question is why did that test
get put in, back in 2005? I have no objection to removing it if that
doesn't lead to crashing, but ...

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Stephen Frost 2010-07-14 21:28:05 Re: BUG #5559: Full SSL verification fails when hostaddr provided
Previous Message Stephen Frost 2010-07-14 18:32:40 Re: BUG #5559: Full SSL verification fails when hostaddr provided