Re: [HACKERS] Kerberos brokenness and oops question in 8.1beta2

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Magnus Hagander" <mha(at)sollentuna(dot)net>
Cc: "PostgreSQL-patches" <pgsql-patches(at)postgresql(dot)org>
Subject: Re: [HACKERS] Kerberos brokenness and oops question in 8.1beta2
Date: 2005-10-08 20:26:19
Message-ID: 467.1128803179@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-patches

BTW, it appears to me that this patch has also broken the claim in the
manual that

If [krb_server_hostname is] not set, the default is to allow any
service principal matching an entry in the keytab.

The reason that was true was that we passed a NULL "server" value to
krb5_recvauth(), which with this patch we never do anymore.

I'm not sure if this represents a serious loss of flexibility or not,
but in any case the documentation needs an update.

regards, tom lane

In response to

Responses

Browse pgsql-patches by date

  From Date Subject
Next Message Tom Lane 2005-10-08 21:27:11 Re: [PATCH] Using pread instead of lseek (with analysis)
Previous Message Tom Lane 2005-10-08 19:42:49 Re: [HACKERS] Kerberos brokenness and oops question in 8.1beta2