Re: [PATCH v20] GSSAPI encryption support

Peter Eisentraut <peter.eisentraut@2ndquadrant.com>

From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Magnus Hagander <magnus@hagander.net>, Joe Conway <mail@joeconway.com>, Alvaro Herrera <alvherre@2ndquadrant.com>, David Steele <david@pgmasters.net>, Michael Paquier <michael@paquier.xyz>, Nico Williams <nico@cryptonector.com>, Robbie Harwood <rharwood@redhat.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2019-04-05T07:50:20Z
Lists: pgsql-hackers
On 2019-04-05 04:59, Stephen Frost wrote:
> Alright, that over-size error was a bug in the error-handling code,
> which I've just pushed a fix for.  That said...

Yes, that looks better now.

> This looks like it's a real issue and it's unclear what's going on here.
> I wonder- are you certain that you're using all the same Kerberos
> libraries for the KDC, the server, and psql?

Right, it was built against the OS-provided Kerberos installation
(/usr/bin etc.).  If I build against the Homebrew-provided one then the
tests pass.

So maybe that means that this encryption feature is not supported on
that (presumably older) installation?  (krb5-config --version says
"Kerberos 5 release 1.7-prerelease")  Is that plausible?  Is a gentler
failure mode possible?

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



Commits

  1. GSSAPI encryption support

  2. Fix typo