|From:||Jakob Egger <jakob(at)eggerapps(dot)at>|
|To:||Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk>|
|Cc:||PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>|
|Subject:||Re: Frontend/Backend Protocol: SSL / GSS Protocol Negotiation Problem|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
> On 6. Dec 2019, at 16:45, Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> wrote:
>>>>>> "Jakob" == Jakob Egger <jakob(at)eggerapps(dot)at> writes:
> Jakob> But this also needs to be fixed on the client side as well,
> Jakob> otherwise affected clients can't connect to older servers
> Jakob> anymore.
> There's a workaround, which is to set PGGSSENCMODE=disable on the
> It would be far better to avoid complicating the client side with this
> if we can possibly do so.
As far as I understand, the bug impacts clients version 12.0 or later who have Kerberos when connecting to 12.0 or 12.1 servers that don't have Kerberos. (Assuming that the bug will be fixed server side in 12.2)
I don't know how many people use Kerberos, so I can't say if it's worth the additional complexiity to work around the bug.
In any case, the workaround should probably be documented somewhere:
If you try to connect to a PostgreSQL 12.0 or 12.1 server and you get the following error message:
psql: error: could not connect to server: FATAL: unsupported frontend protocol 1234.5679: server supports 2.0 to 3.0
Then you need to use the connection parameter gssencmode=disable
Is there a place where such workarounds are documented, or do we rely on Google indexing the mailing list archive?
|Next Message||Alvaro Herrera||2019-12-06 21:41:20||Re: log bind parameter values on error|
|Previous Message||Andrew Dunstan||2019-12-06 19:30:51||Re: Using XLogFileNameP in critical section|