| From: | Christopher Head <chris2k01(at)hotmail(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #5559: Full SSL verification fails when hostaddr provided |
| Date: | 2011-01-05 06:26:46 |
| Message-ID: | BLU0-SMTP212FFB0241F0C6973D7991AF4090@phx.gbl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Tue, 4 Jan 2011 19:42:38 -0500
Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> Me, too. I reread the original discussion of this topic and I'm still
> a little fuzzy on it, but the issue that was under discussion seems to
> be what information we pass to external auth libraries like GSSAPI or
> Kerberos, given that we have host and hostaddr to choose from.
I'd have thought the logical thing there would be "host", in keeping
with the idea that "host is the thing you want to connect to, hostaddr
is just how you get there". If you're tunnelling through SSH, you want
to ask Kerberos for a ticket to the final end machine, not "localhost",
after all.
Chris
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Page | 2011-01-05 07:40:22 | Re: Are CSV logs supported in the PgAdmin log viewer? |
| Previous Message | Melzaiady | 2011-01-05 05:38:12 | Re: BUG #5809: bigserial duplicate value |