Re: [PATCH v20] GSSAPI encryption support
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Magnus Hagander <magnus@hagander.net>, Joe Conway <mail@joeconway.com>,
Alvaro Herrera <alvherre@2ndquadrant.com>, David Steele
<david@pgmasters.net>, Michael Paquier <michael@paquier.xyz>,
Nico Williams <nico@cryptonector.com>, Robbie Harwood <rharwood@redhat.com>,
PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2019-04-05T20:41:54Z
Lists: pgsql-hackers
On 2019-04-05 14:48, Stephen Frost wrote: > All of it was built against the OS-provided Kerberos install, and you > got the failure..? right > On a failure to set up an encrypted connection, we'll actually fall back > to a non-encrypted one using GSSAPI *just* for authentication, which is> why I was asking if this worked before the encryption patch went in. The tests have always worked before. I've run them probably hundreds of times. > Also, which of the tests are still failing, exactly? The authentication > ones or the encryption ones or both? Only the encryption ones: not ok 1 - GSS-encrypted access # Failed test 'GSS-encrypted access' # at t/002_enc.pl line 170. # got: '2' # expected: '0' ok 2 - GSS encryption disabled not ok 3 - GSS encryption without auth # Failed test 'GSS encryption without auth' # at t/002_enc.pl line 170. # got: '2' # expected: '0' not ok 4 - GSS unencrypted fallback # Failed test 'GSS unencrypted fallback' # at t/002_enc.pl line 170. # got: '2' # expected: '0' ok 5 - GSS unencrypted fallback prevention -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Commits
-
GSSAPI encryption support
- b0b39f72b990 12.0 landed
-
Fix typo
- 57c932475504 9.6.0 cited