Re: [EXT] Re: GSS Auth issue when user member of lots of AD groups

Jacob Champion <jacob.champion@enterprisedb.com>

From: Jacob Champion <jacob.champion@enterprisedb.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Chris Gooch <cgooch@bamfunds.com>, "pgsql-bugs@lists.postgresql.org" <pgsql-bugs@lists.postgresql.org>
Date: 2025-05-27T22:24:37Z
Lists: pgsql-bugs

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Allow larger packets during GSSAPI authentication exchange.

On Tue, May 27, 2025 at 3:15 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> I don't think so, because that would create exactly the cross-version
> discrepancy we need to avoid.  (That is, if sender thinks it can do
> 16384 when receiver's limit is 16384-4, kaboom.)  The patch proposes
> to allow slop in this during the auth phase when the packet size is
> really being determined by the underlying GSSAPI library anyway.
> But once we're past that and our own code is slicing up the data
> stream into packets, I think the max packet size is indeed an
> inalterable part of the protocol.

Oh, I see. Yeah, that's unfortunate but makes sense.

> Could we address your confusion by improving the comment about the
> packet-size #define to point out that it includes the header word?

Yes, I think so.

Thanks!
--Jacob