| From: | Peter Much <pmc(at)citylink(dot)dinoex(dot)sub(dot)org> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #4932: Upgrade 8.2.13 -> 8.4.0 - Kerberos option missing |
| Date: | 2009-07-22 15:29:50 |
| Message-ID: | 20090722152949.GA61782@gate.oper.dinoex.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Dear Magnus!
On Wed, Jul 22, 2009 at 11:52:32AM +0200, Magnus Hagander wrote:
! On Wed, Jul 22, 2009 at 11:42, Peter Much<pmc(at)citylink(dot)dinoex(dot)sub(dot)org> wrote:
! > In chapter 19.3.5 of the manual an option "krb_server_hostname" is
! > mentioned.
! > This option was present in 8.2 but is no longer present in 8.4.0
!
! It is present, only it has now been moved to pg_hba.conf. It is no
! longer in postgresql.conf. My guess is that you tried it configured
! the same way as in previous versions, where there was a global
! parameter in postgresql.conf?
Nearly. I merged my old and new config, noticed the option was gone,
tried it nevertheless and got an error, tried again without it and
obviousely logins did not work.
I confess that I did not carefully study new HBA features - but even
if I had, I am not quite sure if I would have gotten that point at
once.
Now understanding it, I bow in respect - this is indeed a fine
improvement!
! > But _there_is_no_such_thing_ as a "fully qualified hostname"!
! In a very large part of the cases, the fully qualified hostname will
! be the same as the fully qualified interface name for the only
! interface that's configured.
Alright, frankly and just out of band of the topic, let me say
one thing: I am installing systems for the big commercial vendors
for more than a decade now, and this matter was an ongoing annoyance
all of the time.
While at first glance it may be considered just a matter of
convenience, the real trouble starts as soon as one does
high-availability solutions; these will definitely break on such
an assumption, and we end up with patching the hostname on takeover:
so having no functional mailer, unintellegible logfiles, not knowing
for sure on which hardware we admins are logged in, and similar
ugliness more.
Here I am talking about the commercial middleware vendors, who
are really stubborn in this matter - in the OpenSource the situation
is already a thousand times better!
! Anyway, the whole reason for moving the krb_server_hostname parameter
! into pg_hba.conf is to make it *more* flexible to configure situations
! like this.
Indeed, I agree with You, and I am very happy. :)
rgds,
PMc
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Aaron Marcuse-Kubitza | 2009-07-22 15:36:36 | BUG #4933: ts_rewrite() causes segfault when query with more than one node becomes empty |
| Previous Message | Magnus Hagander | 2009-07-22 09:52:32 | Re: BUG #4932: Upgrade 8.2.13 -> 8.4.0 - Kerberos option missing |