From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Jacob Champion <pchampion(at)vmware(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: Fixing cache pollution in the Kerberos test suite |
Date: | 2021-01-25 18:49:01 |
Message-ID: | 1894698.1611600541@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> * Jacob Champion (pchampion(at)vmware(dot)com) wrote:
>> I was running tests with a GSS-enabled stack, and ran into some very
>> long psql timeouts after running the Kerberos test suite. It turns out
>> the suite pushes test credentials into the user's global cache, and
>> these no-longer-useful credentials persist after the suite has
>> finished. (You can see this in action by running the test/kerberos
>> suite and then running `klist`.) This leads to long hangs, I assume
>> while the GSS implementation tries to contact a KDC that no longer
>> exists.
>> Attached is a patch that initializes a local credentials cache inside
>> tmp_check/krb5cc, and tells psql to use it via the KRB5CCNAME envvar.
>> This prevents the global cache pollution. WDYT?
> Ah, yeah, that generally seems like a good idea.
Yeah, changing global state is just awful. However, I don't
actually see any change here (RHEL8):
$ klist
klist: Credentials cache 'KCM:1001' not found
$ make check
...
Result: PASS
$ klist
klist: Credentials cache 'KCM:1001' not found
I suppose in an environment where someone was really using Kerberos,
the random kinit would be more of a problem.
Also, why are you only setting the ENV variable within narrow parts
of the test script? I'd be inclined to enforce it throughout.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Jacob Champion | 2021-01-25 19:00:41 | Re: Fixing cache pollution in the Kerberos test suite |
Previous Message | Stephen Frost | 2021-01-25 18:36:46 | Re: Fixing cache pollution in the Kerberos test suite |