Re: [HACKERS] Kerberos brokenness and oops question in 8.1beta2

(Tom, this is the other one you were referring to, I hope.)

I'm still planning to do this, but I'm very pressed for time right now.
I'll try to get it done as soon as possible, but worst case it may be
around two weeks before I can do it. Sorry. If someone else wants to
beat me to it go right ahead, otherwise - it's on it's way eventually.
I think a general overview to make sure the different parts (config
section vs kerberos auth section) are actually in sync is required.

//Magnus

>
> I need a comment on this.
>
> --------------------------------------------------------------
> -------------
>
> Tom Lane wrote:
> > BTW, it appears to me that this patch has also broken the
> claim in the
> > manual that
> >
> > If [krb_server_hostname is] not set, the default is to allow any
> > service principal matching an entry in the keytab.
> >
> > The reason that was true was that we passed a NULL "server"
> value to
> > krb5_recvauth(), which with this patch we never do anymore.
> >
> > I'm not sure if this represents a serious loss of
> flexibility or not,
> > but in any case the documentation needs an update.
> >
> > regards, tom lane
> >
> > ---------------------------(end of
> > broadcast)---------------------------
> > TIP 5: don't forget to increase your free space map settings
> >
>
> --
> Bruce Momjian | http://candle.pha.pa.us
> pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
> + If your life is a hard drive, | 13 Roberts Road
> + Christ can be your backup. | Newtown Square,
> Pennsylvania 19073
>