Re: GSSAPI doesn't play nice with non-canonical host names

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-hackers(at)postgreSQL(dot)org
Subject: Re: GSSAPI doesn't play nice with non-canonical host names
Date: 2008-01-28 08:28:45
Message-ID: 20080128082845.GA26468@svr2.hagander.net
Lists: pgsql-hackers

On Sun, Jan 27, 2008 at 09:51:48PM -0500, Tom Lane wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> >> Whilst trying to reproduce bug #3902 I noticed that the code doesn't
> >> work with an abbreviated host name:
>
> > Testing w/ 8.3RC2, everything seems to be working fine here:
>
> Okay, that probably means there's something wacko about my Kerberos
> setup. It's quite likely got something to do with the fact that I
> set up the KDC on the same machine where I'm doing the PG testing,
> which is surely a case that would never be sane in practice.
>
> [ thinks for a bit... ] In this context there's some ambiguity as to
> whether 'rh2' should resolve as 127.0.0.1 or the machine's real IP
> address, and no doubt something is making the wrong choice someplace.
> That's probably how the localdomain lookups got into it.

Sounds likely. FWIW, DNS issues are by far the most common problem with
Kerberos installations - at least it is on Windows.

//Magnus
