| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Richard Crampton <rich(dot)crampton(at)gmail(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: BUG #16897: gssenc request slow connection |
| Date: | 2021-02-25 20:24:09 |
| Message-ID: | 76901.1614284649@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Richard Crampton <rich(dot)crampton(at)gmail(dot)com> writes:
> It's not enabled in my pg_hba.conf which I've attached...
pg_hba.conf has zero to do with this. That's only an after-the-fact
filter, besides which you haven't actually forbidden gssenc there.
The important questions are (1) was the server built with --with-gssapi
(probably, if your client was); (2) is a Kerberos ticket available
to the server? If so, it will be willing to engage in a gss negotiation
with the client. Given the data you've provided so far, it seems
highly likely that (1) and (2) are true, since as Stephen says the
case where gss is immediately rejected shouldn't take long.
I think it's nearly certain that the problem is not really PG's, but
reflects some sort of issue in your Kerberos/AD infrastructure.
We don't have enough info to speculate about exactly what, though.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Richard Crampton | 2021-02-25 20:52:00 | Re: BUG #16897: gssenc request slow connection |
| Previous Message | Richard Crampton | 2021-02-25 20:00:05 | Re: BUG #16897: gssenc request slow connection |