From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-hackers(at)postgreSQL(dot)org |
Subject: | Re: GSSAPI doesn't play nice with non-canonical host names |
Date: | 2008-01-28 08:28:45 |
Message-ID: | 20080128082845.GA26468@svr2.hagander.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Sun, Jan 27, 2008 at 09:51:48PM -0500, Tom Lane wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> >> Whilst trying to reproduce bug #3902 I noticed that the code doesn't
> >> work with an abbreviated host name:
>
> > Testing w/ 8.3RC2, everything seems to be working fine here:
>
> Okay, that probably means there's something wacko about my Kerberos
> setup. It's quite likely got something to do with the fact that I
> set up the KDC on the same machine where I'm doing the PG testing,
> which is surely a case that would never be sane in practice.
>
> [ thinks for a bit... ] In this context there's some ambiguity as to
> whether 'rh2' should resolve as 127.0.0.1 or the machine's real IP
> address, and no doubt something is making the wrong choice someplace.
> That's probably how the localdomain lookups got into it.
Sounds likely. FWIW, DNS issues is by far the most common problem with
Kerberos installations - at least it is on Windows.
//Magnus
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2008-01-28 08:55:58 | Re: SSL connections don't cope with server crash very well at all |
Previous Message | Premsun Choltanwanich | 2008-01-28 07:18:30 | Slow Query problem |