| From: | Robbie Harwood <rharwood(at)redhat(dot)com> |
|---|---|
| To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Cc: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH v2] GSSAPI encryption support |
| Date: | 2015-09-09 16:44:49 |
| Message-ID: | jlgsi6n8rum.fsf@thriss.redhat.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Michael Paquier <michael(dot)paquier(at)gmail(dot)com> writes:
> On Wed, Sep 9, 2015 at 4:12 AM, Robbie Harwood wrote:
>> Michael Paquier writes:
>> As promised, here's a V2 to address your issues with comments. I
>> haven't heard back on the issues you found in testing, so no other
>> changes are present.
>
> Well, the issue is still here: login through gssapi fails with your
> patch, not with HEAD. This patch is next on my review list by the way
> so I'll see what I can do about it soon even if I am in the US for
> Postgres Open next week. Still, how did you test it? I am just
> creating by myself a KDC, setting up a valid credential with kinit,
> and after setting up Postgres for this purpose the protocol
> communication just fails.
My KDC is setup through freeIPA; I create a service for postgres,
acquire a keytab, set it in the config file, and fire up the server. It
should go without saying that this is working for me, which is why I
asked you for more information so I could try to debug. I wrote a post
on this back in June when this was still in development:
http://mivehind.net/page/view-page-slug/16/postgres-kerberos
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oskari Saarenmaa | 2015-09-09 17:03:58 | Re: jsonb_concat: make sure we always return a non-scalar value |
| Previous Message | Tomas Vondra | 2015-09-09 15:54:03 | Re: DBT-3 with SF=20 got failed |