| From: | PG Bug reporting form <noreply(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Cc: | gopi(dot)anbumech(at)gmail(dot)com |
| Subject: | BUG #17740: Connecting postgresql 13 with different psql versions |
| Date: | 2023-01-09 08:25:45 |
| Message-ID: | 17740-f9e629897b58b2c3@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 17740
Logged by: Anbu
Email address: gopi(dot)anbumech(at)gmail(dot)com
PostgreSQL version: 13.8
Operating system: linux
Description:
For GSSAPI Kerberos external authenticated connections, it appears that psql
v13 is not honouring order of the rules specified in pg_hba.conf. Will there
be any difference in way/options with which psql binary has been built ?
With following entries in pg_hba.conf, psql v13 is prompting for password
for Kerberos connections, whereas psql v11 succeeds connecting without any
issue.
local all pgbkp peer map=pgbackrest
hostssl all +citi_pg_app_read 0.0.0.0/0 gss map=krb
host all all 0.0.0.0/0 scram-sha-256
[kdc_test_fid(at)icl-actpsql-vm1 /psql13]$ psql -U app_kdc_test_fid -h x.x.x -d
postgres -p 1524
Password for user app_kdc_test_fid:
[kdc_test_fid(at)icl-actpsql-vm1 /psql11]$ psql -U app_kdc_test_fid -h x.x.x -d
postgres -p 1524
psql (11.13, server 13.8)
WARNING: psql major version 11, server major version 13.
Some psql features might not work.
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384,
bits: 256, compression: off)
Type "help" for help.
postgres=>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
But as soon as the this line is commented out in pg_hba.conf, GSSAPI
Kerberos external authenticated connection succeeds for both psql V13 and
v11.
#host all all 0.0.0.0/0 scram-sha-256
[kdc_test_fid(at)icl-actpsql-vm1 /psql13]$ psql -U app_kdc_test_fid -h x.x.x -d
postgres -p 1524
psql (13.8)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits:
256, compression: off)
Type "help" for help.
postgres=>
[kdc_test_fid(at)icl-actpsql-vm1 /psql11]$ psql -U app_kdc_test_fid -h x.x.x -d
postgres -p 1524
psql (11.13, server 13.8)
WARNING: psql major version 11, server major version 13.
Some psql features might not work.
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384,
bits: 256, compression: off)
Type "help" for help.
postgres=>
Note: app_kdc_test_fid user is part of defined group in hba rules.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | PG Bug reporting form | 2023-01-09 08:37:37 | BUG #17741: vacuum process hangs after pg_surgery manipulations |
| Previous Message | PG Bug reporting form | 2023-01-08 16:28:24 | BUG #17739: postgres ts_headline function is not returning matches it should during full text search |