Re: [EXT] Re: GSS Auth issue when user member of lots of AD groups
Jacob Champion <jacob.champion@enterprisedb.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Tom Lane <tgl@sss.pgh.pa.us>, Chris Gooch <cgooch@bamfunds.com>
Cc: "pgsql-bugs@lists.postgresql.org" <pgsql-bugs@lists.postgresql.org>
Date: 2025-05-29T23:17:16Z
Lists: pgsql-bugs
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Allow larger packets during GSSAPI authentication exchange.
- d98cefe1143e 18.0 landed
- ca70ee6ede1b 16.10 landed
- c81cdffa1f05 13.22 landed
- a7da7914c355 14.19 landed
- 8b0aa7a6b723 17.6 landed
- 39b1d190714a 15.14 landed
On Thu, May 29, 2025 at 11:41 AM Tom Lane <tgl@sss.pgh.pa.us> wrote: > Jacob Champion <jacob.champion@enterprisedb.com> writes: > > I plan to get a full test+review back to you by end-of-day. (I don't > > see anything obviously scary yet, so if I miss my self-imposed > > deadline, no need to wait for me.) > > Sure, no rush. I just thought I'd get this off my queue if > you were done looking. Okay, on closer review this LGTM. I was trying to get src/test/kerberos to shove a bunch of authorization data into its tickets, but I haven't figured out how to get krb5kdc to do that yet, so Chris's tests are the best we have at the moment. Eventually I'll get around to reading the ASN.1 so that pg-pytest can test this case, but that's not a job for today. Chris, I'm curious: what's the failure look like for the "1. Patched Client to Unpatched Server" case when the ticket is bigger than 16k? Thanks! --Jacob