Fix up usage of krb_server_keyfile GUC parameter.
Tom Lane <tgl@sss.pgh.pa.us>
Fix up usage of krb_server_keyfile GUC parameter. secure_open_gssapi() installed the krb_server_keyfile setting as KRB5_KTNAME unconditionally, so long as it's not empty. However, pg_GSS_recvauth() only installed it if KRB5_KTNAME wasn't set already, leading to a troubling inconsistency: in theory, clients could see different sets of server principal names depending on whether they use GSSAPI encryption. Always using krb_server_keyfile seems like the right thing, so make both places do that. Also fix up secure_open_gssapi()'s lack of a check for setenv() failure --- it's unlikely, surely, but security-critical actions are no place to be sloppy. Also improve the associated documentation. This patch does nothing about secure_open_gssapi()'s use of setenv(), and indeed causes pg_GSS_recvauth() to use it too. That's nominally against project portability rules, but since this code is only built with --with-gssapi, I do not feel a need to do something about this in the back branches. A fix will be forthcoming for HEAD though. Back-patch to v12 where GSSAPI encryption was introduced. The dubious behavior in pg_GSS_recvauth() goes back further, but it didn't have anything to be inconsistent with, so let it be. Discussion: https://postgr.es/m/2187460.1609263156@sss.pgh.pa.us
Files
| Path | Change | +/− |
|---|---|---|
| doc/src/sgml/client-auth.sgml | modified | +1 −5 |
| doc/src/sgml/config.sgml | modified | +9 −3 |
| src/backend/libpq/auth.c | modified | +10 −21 |
| src/backend/libpq/be-secure-gssapi.c | modified | +10 −2 |
| src/backend/utils/misc/postgresql.conf.sample | modified | +1 −1 |
Documentation touched
Discussion
- Problem with ssl and psql in Postgresql 13 34 messages · 2020-12-17 → 2020-12-30