|From:||David Steele <david(at)pgmasters(dot)net>|
|To:||Robbie Harwood <rharwood(at)redhat(dot)com>, pgsql-hackers(at)postgresql(dot)org|
|Subject:||Re: [PATCH v4] GSSAPI encryption support|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
On 2/10/16 4:06 PM, Robbie Harwood wrote:
> Hello friends,
> For your consideration, here is a new version of GSSAPI encryption
> support. For those who prefer, it's also available on my github:
It tried out this patch and ran into a few problems:
1) It didn't apply cleanly to HEAD. It did apply cleanly on a455878
which I figured was recent enough for testing. I didn't bisect to find
the exact commit that broke it.
2) While I was able to apply the patch and get it compiled it seemed
pretty flaky - I was only able to logon about 1 in 10 times on average.
Here was my testing methodology:
a) Build Postgres from a455878 (without your patch), install/configure
Kerberos and get everything working. I was able the set the auth method
to gss in pg_hba.conf and logon successfully every time.
b) On the same system rebuild Postgres from a455878 including your patch
and attempt authentication.
The problems arose after step 2b. Sometimes I would try to logon twenty
times without success and sometimes it only take five or six attempts.
I was never able to logon successfully twice in a row.
When not successful the client always output this incomplete message
(without terminating LF):
psql: expected authentication request from server, but received
From the logs I can see the server is reporting EOF from the client,
though the client does not core dump and prints the above message before
I have attached files that contain server logs at DEBUG5 and tcpdump
output for both the success and failure cases.
Please let me know if there's any more information you would like me to
|Next Message||Jeff Janes||2016-02-12 17:15:16||Seg fault in pgbench|
|Previous Message||Yury Zhuravlev||2016-02-12 16:51:26||Re: GinPageIs* don't actually return a boolean|