Skip site navigation (1) Skip section navigation (2)

Re: krb5 authentication and multihomed server hosts

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pod(at)herald(dot)ox(dot)ac(dot)uk (pod)
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: krb5 authentication and multihomed server hosts
Date: 2005-07-26 13:42:13
Message-ID: 27228.1122385333@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-bugs
pod(at)herald(dot)ox(dot)ac(dot)uk (pod) writes:
> PostgreSQL-Version: 7.4.7

> It is not always possible to use krb5 authentication to a server that is
> listening on multiple interfaces other than to the 'primary' interface.

> More specifically: src/backend/libpq/auth.c pg_krb5_init() fills in the
> pg_krb5_server principal with a call to krb5_sname_to_principal with NULL
> as the second argument (the hostname argument).

I see this has been changed in CVS tip, but I don't know enough about
Kerberos to know whether the change addresses your operational problem.

> I append a patch that 'fixes' behaviour for the limited case where a
> virtual_host is specified in /etc/postgresql/postgresql.conf.

VirtualHost is long gone, so this patch is of little help anyway.  Could
you take a look at CVS or a recent nightly snapshot (look under dev/ on
the FTP servers) and see if your problem is fixed or not?

			regards, tom lane

In response to

Responses

pgsql-bugs by date

Next:From: Tom LaneDate: 2005-07-26 13:50:51
Subject: Re: BUG #1787: Timestamp issue for moment when clock moved to DST
Previous:From: podDate: 2005-07-26 13:14:30
Subject: krb5 authentication and multihomed server hosts

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group