| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Christopher Head <chris2k01(at)hotmail(dot)com>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #5559: Full SSL verification fails when hostaddr provided |
| Date: | 2010-07-15 20:18:06 |
| Message-ID: | 11168.1279225086@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>> I suggest that we document hostaddr as being an auxiliary field that is
>> not intended to be the primary source of the host name, but merely saves
>> libpq from having to do a forward DNS lookup. In some cases it will
>> work to supply hostaddr without host, but in others it won't. We should
>> also state that supplying it does not guarantee no DNS lookups occur,
>> because these external auth libraries will do one anyway.
> That sounds like it implies we'd also remove the check which prevents
> Kerberos from being used and fix it to use hostaddr if host is null.
Uh, no, it implies no such thing. I don't think that's a "fix", it's
merely fuzzing what the values are for.
Magnus, I'm curious to hear your thoughts on this...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heinz Groote | 2010-07-16 10:39:05 | BUG #5562: icon "terrestrial globe" much too big |
| Previous Message | Stephen Frost | 2010-07-15 20:03:05 | Re: BUG #5559: Full SSL verification fails when hostaddr provided |