BUG #4932: Upgrade 8.2.13 -> 8.4.0 - Kerberos option missing

From: "Peter Much" <pmc(at)citylink(dot)dinoex(dot)sub(dot)org>
To: pgsql-bugs(at)postgresql(dot)org
Subject: BUG #4932: Upgrade 8.2.13 -> 8.4.0 - Kerberos option missing
Date: 2009-07-22 09:42:51
Message-ID: 200907220942.n6M9gpri071145@wwwmaster.postgresql.org
Lists: pgsql-bugs
The following bug has been logged online:

Bug reference:      4932
Logged by:          Peter Much
Email address:      pmc(at)citylink(dot)dinoex(dot)sub(dot)org
PostgreSQL version: 8.4.0
Operating system:   FreeBSD 7.2
Description:        Upgrade 8.2.13 -> 8.4.0 - Kerberos option missing
Details: 

In chapter 19.3.5 of the manual an option "krb_server_hostname" is
mentioned. 
This option was present in 8.2 but is no longer present in 8.4.0.
So at least we have a documentation bug here.

I was using this option.
According to my notices, the problem is that (since about 7.4) psql (or the
client lib) uses the network-interface-name to build the K5 principal name,
while postgres (the server) uses the local hostname. So this works fine as
long as hostname == interface-name; and otherwise one should set the
hostname to the interface-name in postgresql.conf with the beforementioned
option.

I found another solution in absence of that option: I can rename the
principal in the keytab file with K5 tools and so change this name to the
hostname.

Without trying to dig deeper, I am thinking what would happen if the server
listens on more than one interface. Wouldn't we need more than one principal
then? And how would we configure these on the server side if only one name
is used?

But the essential point seems to me the following: section 19.3.5 of the
manual reads "hostname is the fully qualified host name of the server
machine."

But _there_is_no_such_thing_ as a "fully qualified hostname"!
There are only _fully_qualified_interface-names_, and any host can have
*many* of these. The hostname itself is nothing else than an arbitrary label
for the machine, and it should never be used by networking software.

rgds,
PMc
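
Added example, not part of the message above and not PostgreSQL code: a check for the multi-interface case the report raises, listing which service principals clients would request that the server keytab does not hold. It assumes principals of the form service/host@REALM with service name `postgres`, and a plain MIT-style `klist -k` listing; the keytab path, host names and realm are constructed placeholders.

```python
import re

# Constructed sample of MIT-style `klist -k` output; all names are placeholders.
SAMPLE_KLIST = """\
Keytab name: FILE:/usr/local/pgsql/krb5.keytab
KVNO Principal
---- ------------------------------------------------------------
   2 postgres/dbhost.example.org@EXAMPLE.ORG
   2 postgres/dbhost.example.org@EXAMPLE.ORG
   1 host/dbhost.example.org@EXAMPLE.ORG
"""

# One keytab entry line: key version number, then service/host@REALM.
ENTRY = re.compile(r"^\s*\d+\s+(\S+)/(\S+?)@(\S+)\s*$")


def keytab_principals(klist_text):
    """Return the set of (service, host, realm) entries in a keytab listing."""
    found = set()
    for line in klist_text.splitlines():
        m = ENTRY.match(line)
        if m:
            service, host, realm = m.groups()
            # Host names are case-insensitive in DNS; compare lowercased.
            found.add((service, host.lower(), realm))
    return found


def missing_principals(klist_text, connect_names,
                       service="postgres", realm="EXAMPLE.ORG"):
    """List the principals clients would request that the keytab lacks."""
    have = keytab_principals(klist_text)
    missing = []
    for name in connect_names:
        if (service, name.lower(), realm) not in have:
            missing.append(f"{service}/{name.lower()}@{realm}")
    return missing


if __name__ == "__main__":
    # Names under which clients reach this host, one per interface (hypothetical).
    names = ["dbhost.example.org", "db-lan.example.org", "db-dmz.example.org"]
    for principal in missing_principals(SAMPLE_KLIST, names):
        print("no keytab entry for", principal)
```

Every name reported is one under which Kerberos authentication to the server would fail until a matching principal is added to the keytab.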
