| From: | David Zhang <david(dot)zhang(at)highgo(dot)ca> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | kerberos regression test enhancement |
| Date: | 2020-03-05 20:53:22 |
| Message-ID: | 8808bcd2-22e0-6faa-dc2a-44478b4813eb@highgo.ca |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi Hackers,
I found one interesting behavior when "--with-gssapi" is enabled,
given a very "common" configuration in gp_hba.conf like below,
host postgres david 192.168.0.114/32 trust
the query message is always encrypted when using a very "common" way
connect to PG server,
$ psql -h pgserver -d postgres -U david
unless I specify "gssencmode=disable" with -d option,
$ psql -h pgserver -U david -d "dbname=postgres gssencmode=disable"
Based on above behaviors, I did a further exercise on kerberos
regression test and found the test coverage is not enough. It should be
enhanced to cover the above behavior when user specified a "host"
followed by "trust" access in pg_hba.conf.
the attachment is a patch to cover the behaviors mentioned above for
kerberos regression test.
Any thoughts?
Thanks,
--
David
Software Engineer
Highgo Software Inc. (Canada)
www.highgo.ca
| Attachment | Content-Type | Size |
|---|---|---|
| 001_auth.pl-host-trust.patch | text/plain | 1.0 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2020-03-05 20:57:00 | Re: Retiring support for pre-7.3 FK constraint triggers |
| Previous Message | Tom Lane | 2020-03-05 20:52:43 | Re: Retiring support for pre-7.3 FK constraint triggers |