From: | PG Bug reporting form <noreply(at)postgresql(dot)org> |
---|---|
To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
Cc: | albert_schabhuetl(at)yahoo(dot)de |
Subject: | BUG #15520: PAM authentication + domain socket -> DNS query for symbolic hostname [local] |
Date: | 2018-11-24 10:45:54 |
Message-ID: | 15520-4c266f986998e1c5@postgresql.org |
Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 15520
Logged by: Albert Schabhuetl
Email address: albert_schabhuetl(at)yahoo(dot)de
PostgreSQL version: 10.4
Operating system: RHEL 7.4
Description:
When PAM authentication is configured for local connections via domain socket,
during authentication the backend process sends out a DNS query
for the following symbolic hostname: [local]
This is unnecessary as it is not intended that this hostname will ever resolve to a valid IP address,
and depending on how DNS queries are answered in the actual system it can cause authentication delays.
Theory why this happens:
Since this commit
https://github.com/postgres/postgres/commit/2f1d2b7a75fecad25295cb3f453503eb6a176d4f#diff-f5a9c53142c3595fe47ebf5146457c6b
during PAM authentication the functions
pg_getnameinfo_all
pam_set_item
are called, in order to support the PAM configuration option
"pam_use_hostname".
In the case of a TCP connection and pam_use_hostname = 0,
pg_getnameinfo_all still calls the library function
getnameinfo
but with flags = 0 to achieve "do nothing" behaviour.
In the case of a domain socket connection,
regardless of pam_use_hostname,
pg_getnameinfo_all calls
getnameinfo_unix,
which ignores the flags parameter and invariably
sets the hostname to a symbolic text - [local] in our case.
When subsequently the PAM library function
pam_set_item
is called, it gets the symbolic hostname [local]
and probably it is this function which sends the DNS request for this
hostname.