| From: | Nazir Bilal Yavuz <byavuz81(at)gmail(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Cc: | Thomas Munro <thomas(dot)munro(at)gmail(dot)com> |
| Subject: | Running GSSAPI / Kerberos tests on Windows |
| Date: | 2025-12-16 13:58:03 |
| Message-ID: | CAN55FZ1ROR9dcyyE26pq7VhPNKcuSFUYG6JxPoq_Y6bmiBm-Gg@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
I enabled GSSAPI on Windows CI by using dependencies from Dave Page's
winpgbuild repository [1]. The problem is that Kerberos compilation
does not generate the 'krb5-config' executable on Windows but we
expect it while setting up KDC. Because of that, 'kerberos/001_auth'
and 'libpq/005_negotiate_encryption' tests fail with 'Command
'krb5-config' not found in ...' error although GSSAPI is enabled.
Then I tried skipping these tests' Kerberos related parts like in the
attached but 'libpq/005_negotiate_encryption' test still failed with
[2]. I found this thread [3] (CC'ing Thomas) but I still do not
understand the problem.
Any thoughts?
Example CI runs:
Windows + GSSAPI: https://cirrus-ci.com/task/6111500131106816
Windows + GSSAPI + Patch: https://cirrus-ci.com/task/6564690651774976
[1] https://github.com/dpage/winpgbuild
[3] https://postgr.es/m/CA%2BhUKGJ0tdtTiB3bHEU8C%3D5pyzc5zvDqA8dJ5q%2BThSimW8QKNw%40mail.gmail.com
[2]:
------------------------------------- 8< -------------------------------------
stderr:
# Failed test ' 'user=testuser gssencmode=prefer sslmode=disable
sslnegotiation=postgres' -> connect, authok -> plain'
# at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
# got: 'connect, gssaccept, reconnect, authok -> plain'
# expected: 'connect, authok -> plain'
#
# Failed test ' 'user=testuser gssencmode=prefer sslmode=allow
sslnegotiation=postgres' -> connect, authok -> plain'
# at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
# got: 'connect, gssaccept, reconnect, authok -> plain'
# expected: 'connect, authok -> plain'
#
# Failed test ' 'user=testuser gssencmode=prefer sslmode=prefer
sslnegotiation=postgres' -> connect, sslreject, authok -> plain'
# at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
# got: 'connect, gssaccept, reconnect, sslreject, authok -> plain'
# expected: 'connect, sslreject, authok -> plain'
#
# Failed test ' 'user=testuser gssencmode=prefer sslmode=require
sslnegotiation=postgres' -> connect, sslreject -> fail'
# at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
# got: 'connect, gssaccept, reconnect, sslreject -> fail'
# expected: 'connect, sslreject -> fail'
# psql: error: connection to server at "127.0.0.1", port 14350 failed:
could not initiate GSSAPI security context: No credentials were
supplied, or the credentials were unavailable or inaccessible:
Credential cache is empty
# connection to server at "127.0.0.1", port 14350 failed: server does
not support SSL, but SSL was required
# Failed test ' 'user=testuser gssencmode=prefer sslmode=require
sslnegotiation=direct' -> connect, directsslreject -> fail'
# at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
# got: 'connect, gssaccept, reconnect, directsslreject -> fail'
# expected: 'connect, directsslreject -> fail'
# psql: error: connection to server at "127.0.0.1", port 14350 failed:
could not initiate GSSAPI security context: No credentials were
supplied, or the credentials were unavailable or inaccessible:
Credential cache is empty
# connection to server at "127.0.0.1", port 14350 failed: server
closed the connection unexpectedly
# This probably means the server terminated abnormally
# before or while processing the request.
# SSL SYSCALL error: Connection reset by peer (0x00002746/10054)
# Failed test ' 'user=testuser gssencmode=require sslmode=disable
sslnegotiation=postgres' -> - -> fail'
# at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
# got: 'connect, gssaccept -> fail'
# expected: '- -> fail'
# psql: error: connection to server at "127.0.0.1", port 14350 failed:
could not initiate GSSAPI security context: No credentials were
supplied, or the credentials were unavailable or inaccessible:
Credential cache is empty
# Failed test ' 'user=testuser gssencmode=require sslmode=allow
sslnegotiation=postgres' -> - -> fail'
# at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
# got: 'connect, gssaccept -> fail'
# expected: '- -> fail'
# psql: error: connection to server at "127.0.0.1", port 14350 failed:
could not initiate GSSAPI security context: No credentials were
supplied, or the credentials were unavailable or inaccessible:
Credential cache is empty
# Failed test ' 'user=testuser gssencmode=require sslmode=prefer
sslnegotiation=postgres' -> - -> fail'
# at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
# got: 'connect, gssaccept -> fail'
# expected: '- -> fail'
# psql: error: connection to server at "127.0.0.1", port 14350 failed:
could not initiate GSSAPI security context: No credentials were
supplied, or the credentials were unavailable or inaccessible:
Credential cache is empty
# Failed test ' 'user=testuser gssencmode=require sslmode=require
sslnegotiation=postgres' -> - -> fail'
# at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
# got: 'connect, gssaccept -> fail'
# expected: '- -> fail'
# psql: error: connection to server at "127.0.0.1", port 14350 failed:
could not initiate GSSAPI security context: No credentials were
supplied, or the credentials were unavailable or inaccessible:
Credential cache is empty
# Failed test ' 'user=testuser gssencmode=require sslmode=require
sslnegotiation=direct' -> - -> fail'
# at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 282.
# got: 'connect, gssaccept -> fail'
# expected: '- -> fail'
# psql: error: connection to server at "127.0.0.1", port 14350 failed:
could not initiate GSSAPI security context: No credentials were
supplied, or the credentials were unavailable or inaccessible:
Credential cache is empty
# Failed test ' 'user=testuser sslmode=prefer' -> connect,
backenderror -> fail'
# at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 333.
# got: 'connect, backenderror, reconnect, backenderror -> fail'
# expected: 'connect, backenderror -> fail'
# psql: error: connection to server at "127.0.0.1", port 14350 failed:
server sent an error response during GSS encryption exchange
# connection to server at "127.0.0.1", port 14350 failed: server sent
an error response during SSL exchange
# Failed test ' 'user=testuser sslmode=prefer' -> connect, v2error -> fail'
# at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 343.
# got: 'connect, v2error, reconnect, v2error -> fail'
# expected: 'connect, v2error -> fail'
# psql: error: connection to server at "127.0.0.1", port 14350 failed:
server sent an error response during GSS encryption exchange
# connection to server at "127.0.0.1", port 14350 failed: server sent
an error response during SSL exchange
# Failed test ' 'user=testuser sslmode=prefer' -> connect,
sslaccept, backenderror, reconnect, authok -> plain'
# at C:/cirrus/src/interfaces/libpq/t/005_negotiate_encryption.pl line 353.
# got: 'connect, gssaccept, reconnect, sslaccept,
backenderror, reconnect, authok -> plain'
# expected: 'connect, sslaccept, backenderror, reconnect, authok -> plain'
#
# Looks like you failed 13 tests of 55.
--
Regards,
Nazir Bilal Yavuz
Microsoft
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Skip-Kerberos-tests-on-Windows-platforms.patch | text/x-patch | 2.0 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2025-12-16 14:02:53 | Re: [PATCH]Remove the redundant assignment |
| Previous Message | Heikki Linnakangas | 2025-12-16 13:51:14 | Re: Proposal : Use bump memory context for temp buffers |