Re: [PATCH v20] GSSAPI encryption support

Peter Eisentraut <peter.eisentraut@2ndquadrant.com>

From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Magnus Hagander <magnus@hagander.net>, Joe Conway <mail@joeconway.com>, Alvaro Herrera <alvherre@2ndquadrant.com>, David Steele <david@pgmasters.net>, Michael Paquier <michael@paquier.xyz>, Nico Williams <nico@cryptonector.com>, Robbie Harwood <rharwood@redhat.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2019-04-05T20:41:54Z
Lists: pgsql-hackers
On 2019-04-05 14:48, Stephen Frost wrote:
> All of it was built against the OS-provided Kerberos install, and you
> got the failure..?

right

> On a failure to set up an encrypted connection, we'll actually fall back
> to a non-encrypted one using GSSAPI *just* for authentication, which is> why I was asking if this worked before the encryption patch went in.

The tests have always worked before.  I've run them probably hundreds of
times.

> Also, which of the tests are still failing, exactly?  The authentication
> ones or the encryption ones or both?

Only the encryption ones:

not ok 1 - GSS-encrypted access

#   Failed test 'GSS-encrypted access'
#   at t/002_enc.pl line 170.
#          got: '2'
#     expected: '0'
ok 2 - GSS encryption disabled
not ok 3 - GSS encryption without auth

#   Failed test 'GSS encryption without auth'
#   at t/002_enc.pl line 170.
#          got: '2'
#     expected: '0'
not ok 4 - GSS unencrypted fallback

#   Failed test 'GSS unencrypted fallback'
#   at t/002_enc.pl line 170.
#          got: '2'
#     expected: '0'
ok 5 - GSS unencrypted fallback prevention

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services



Commits

  1. GSSAPI encryption support

  2. Fix typo