The following bug has been logged online:
Bug reference: 4932
Logged by: Peter Much
Email address: pmc(at)citylink(dot)dinoex(dot)sub(dot)org
PostgreSQL version: 8.4.0
Operating system: FreeBSD 7.2
Description: Upgrade 8.2.13 -> 8.4.0 - Kerberos option missing
In chapter 19.3.5 of the manual an option "krb_server_hostname" is
This option was present in 8.2 but is no longer present in 8.4.0
So at least we have a documentation bug here.
I was using this option.
According to my notices, the problem is that (since about 7.4) psql (or the
client lib) uses the network-interface-name to build the K5 principal name,
while postgres (the server) uses the local hostname. So this works fine as
long as hostname == interface-name; and otherwise one should set the
hostname to the interface-name in postgresql.conf with the beforementioned
I found another solution in absence of that option: I can rename the
principal in the keytab file with K5 tools and so change this name to the
Without trying to dig deeper, I am thinking what would happen if the server
listens on more than one interface. Wouldnt we need more than one principal
then? And how would we configure these on the server side if only one name
But the essential point seems to me the following: section 19.3.5 of the
manual reads "hostname is the fully qualified host name of the server
But _there_is_no_such_thing_ as a "fully qualified hostname"!
There are only _fully_qualified_interface-names_, and any host can have
*many* of these. The hostname itself is nothing else than an arbitrary label
for the machine, and it should never be used by networking software.
pgsql-bugs by date
|Next:||From: Magnus Hagander||Date: 2009-07-22 09:52:32|
|Subject: Re: BUG #4932: Upgrade 8.2.13 -> 8.4.0 - Kerberos option missing|
|Previous:||From: Michael Jeuk||Date: 2009-07-21 20:42:28|
|Subject: BUG #4931: An error occured executing the Microsoft VC++ runtime installer|