From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | Kris Jurka <books(at)ejurka(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: GSSAPI and V2 protocol |
Date: | 2008-02-06 00:41:48 |
Message-ID: | 174.1202258508@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Tue, Jan 29, 2008 at 03:34:19AM -0500, Kris Jurka wrote:
>> Is it possible to authenticate using GSSAPI over the V2 protocol? Is
>> there any documentation on the message formats for V2?
> Honestly - don't know :-) Never looked at that part.
I tried it --- it's easy to hack libpq so that it does V2 instead of V3:
$ diff -c fe-connect.c~ fe-connect.c
*** fe-connect.c~ Mon Jan 28 21:06:30 2008
--- fe-connect.c Tue Feb 5 19:35:34 2008
***************
*** 855,861 ****
conn->addrlist = addrs;
conn->addr_cur = addrs;
conn->addrlist_family = hint.ai_family;
! conn->pversion = PG_PROTOCOL(3, 0);
conn->status = CONNECTION_NEEDED;
/*
--- 855,861 ----
conn->addrlist = addrs;
conn->addr_cur = addrs;
conn->addrlist_family = hint.ai_family;
! conn->pversion = PG_PROTOCOL(2, 0);
conn->status = CONNECTION_NEEDED;
/*
$
The answer is "no, it doesn't work":
$ psql -l
psql: GSSAPI continuation error: Invalid token was supplied
GSSAPI continuation error: No error
$
This surprises me; I would have thought the protocol was fairly
orthogonal to the auth method. We should look into it and see
if there's an easy fix or not. I have no time to poke further
right now, though.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Decibel! | 2008-02-06 01:39:48 | Re: configurability of OOM killer |
Previous Message | Gevik Babakhani | 2008-02-06 00:40:46 | Where is share\locale dir on Win? |