BTW, it appears to me that this patch has also broken the claim in the
If [krb_server_hostname is] not set, the default is to allow any
service principal matching an entry in the keytab.
The reason that was true was that we passed a NULL "server" value to
krb5_recvauth(), which with this patch we never do anymore.
I'm not sure if this represents a serious loss of flexibility or not,
but in any case the documentation needs an update.
regards, tom lane
In response to
pgsql-patches by date
|Next:||From: Tom Lane||Date: 2005-10-08 21:27:11|
|Subject: Re: [PATCH] Using pread instead of lseek (with analysis) |
|Previous:||From: Tom Lane||Date: 2005-10-08 19:42:49|
|Subject: Re: [HACKERS] Kerberos brokenness and oops question in 8.1beta2 |