| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | "Todd M(dot) Kover" <kovert(at)omniscient(dot)com>, Nico Williams <nico(at)cryptonector(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: pg16 && GSSAPI && Heimdal/Macos |
| Date: | 2025-05-28 21:59:35 |
| Message-ID: | 1702597.1748469575@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> writes:
> - I also want to draw attention to the fact that libpq can't claim
> that a credential is delegated if it's not; that breaks the security
> of our FDWs. So pg_store_delegated_credential() cannot be a no-op.
Right. What I had in mind if we cannot find an alternative
implementation was
void
pg_store_delegated_credential(gss_cred_id_t cred)
{
#ifdef HAVE_GSS_STORE_CRED_INTO
...
major = gss_store_cred_into(&minor,
...
#else
elog(ERROR, "credential delegation is not implemented");
#endif
}
combined with a check_hook that prevents the gss_accept_delegation
GUC from being set to "true" if not HAVE_GSS_STORE_CRED_INTO.
(That should make the above-depicted elog unreachable, but
belt and suspenders too isn't a bad plan.)
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jacob Champion | 2025-05-28 22:01:49 | Re: pg16 && GSSAPI && Heimdal/Macos |
| Previous Message | Jacob Champion | 2025-05-28 21:45:49 | Re: pg16 && GSSAPI && Heimdal/Macos |