From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | Magnus Hagander <mha(at)sollentuna(dot)net> |
Cc: | PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org> |
Subject: | Re: Updated kerberos service name patch |
Date: | 2005-06-04 20:42:34 |
Message-ID: | 200506042042.j54KgYd10306@candle.pha.pa.us |
Lists: | pgsql-patches |
Patch applied. Thanks. I manually updated postgresql.conf.sample.
---------------------------------------------------------------------------
Magnus Hagander wrote:
> Here's an updated version of the patch, with the following changes:
>
> 1) No longer uses "service name" as "application version". It's instead
> hardcoded as "postgres". It could be argued that this part should be
> backpatched to 8.0, but it doesn't make a big difference until you can
> start changing it with GUC / connection parameters. This change only
> affects kerberos 5, not 4.
>
> 2) Now downcases kerberos usernames when the client is running on win32.
>
> 3) Adds guc option for "krb_caseins_users" to make the server ignore
> case mismatch which is required by some KDCs such as Active Directory.
> Off by default, per discussion with Tom. This change only affects
> kerberos 5, not 4.
>
> 4) Updated so it doesn't conflict with the rendezvous/bonjour patch
> already in ;-)
>
> //Magnus
>
>
>
> >-----Original Message-----
> >From: pgsql-patches-owner(at)postgresql(dot)org
> >[mailto:pgsql-patches-owner(at)postgresql(dot)org] On Behalf Of
> >Magnus Hagander
> >Sent: den 22 maj 2005 17:26
> >To: Bruce Momjian
> >Cc: PostgreSQL-patches
> >Subject: Re: [PATCHES] Updated kerberos service name patch
> >
> >
> >Hi!
> >
> >Please do not apply this patch in its current state. It contains a
> >small bug that appears to trigger a DOS vulnerability in the MIT
> >Kerberos libraries. I will submit a new patch shortly that does not
> >expose this bug to a configurable parameter (it can still be exposed by
> >hacking the code since the issue appears in the kerberos libs, but
> >there's not much we can do there. I'm also contacting the MIT Kerberos
> >team about a fix there)
> >
> >//Magnus
> >
> >>-----Original Message-----
> >>From: Bruce Momjian [mailto:pgman(at)candle(dot)pha(dot)pa(dot)us]
> >>Sent: den 20 maj 2005 19:00
> >>To: Magnus Hagander
> >>Cc: PostgreSQL-patches
> >>Subject: Re: [PATCHES] Updated kerberos service name patch
> >>
> >>
> >>
> >>Your patch has been added to the PostgreSQL unapplied patches list at:
> >>
> >> http://momjian.postgresql.org/cgi-bin/pgpatches
> >>
> >>It will be applied as soon as one of the PostgreSQL committers reviews
> >>and approves it.
> >>
> >>---------------------------------------------------------------
> >>------------
> >>
> >>
> >>Magnus Hagander wrote:
> >>> Here is an updated version of the patch from
> >>> http://candle.pha.pa.us/mhonarc/patches2/msg00025.html. It
> >>handles the
> >>> options for libpq connections the same way other options
> >are handled,
> >>> and it also updates the kerberos documentation. It contains
> >>a couple of
> >>> minor changes to the Kerberos documentation that's not
> >>directly related
> >>> to this patch, to make it easier to read. And it updates
> >the Kerberos
> >>> information URL to the current MIT pages.
> >>>
> >>> I refactored my own code so now the Kerberos 4 specific
> >>changes are very
> >>> small. I have not verified them, but I think they should work. That
> >>> doesn't mean I'm still in favour of ripping out the krb4
> >>code, just that
> >>> it's fairly easy to do it as a separate step instead.
> >>>
> >>> //Magnus
> >>
> >>Content-Description: krbsrvname.patch
> >>
> >>[ Attachment, skipping... ]
> >>
> >>>
> >>> ---------------------------(end of
> >>broadcast)---------------------------
> >>> TIP 9: the planner will ignore your desire to choose an
> >>index scan if your
> >>> joining column's datatypes do not match
> >>
> >>--
> >> Bruce Momjian | http://candle.pha.pa.us
> >> pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
> >> + If your life is a hard drive, | 13 Roberts Road
> >> + Christ can be your backup. | Newtown Square,
> >>Pennsylvania 19073
> >>
> >
> >
Content-Description: kerberos3.patch
[ Attachment, skipping... ]
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
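
As an added illustration (not code from the patch or from PostgreSQL), this C sketch shows the server-side comparison that item 3 of the quoted message describes: the authenticated Kerberos principal is reduced to its primary component and compared with the requested role, strictly by default and case-insensitively when the option is on. The function names, `ROLE_MAX`, the simplified principal parsing and the sample principals are assumptions made for this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define ROLE_MAX 64 /* assumed cap on role-name length for this sketch */

/* Copy the primary component of "user[/instance]@REALM" into out.
 * Returns false when it is empty or does not fit. */
static bool principal_primary(const char *principal, char *out, size_t outlen)
{
    size_t n = strcspn(principal, "/@");

    if (n == 0 || n >= outlen)
        return false;
    memcpy(out, principal, n);
    out[n] = '\0';
    return true;
}

/* Does the authenticated principal map to the role the client asked for?
 * caseins_users stands in for the krb_caseins_users setting. */
static bool krb_user_matches(const char *principal, const char *role,
                             bool caseins_users)
{
    char primary[ROLE_MAX];
    size_t i;

    if (!principal_primary(principal, primary, sizeof primary))
        return false;
    for (i = 0; primary[i] != '\0' && role[i] != '\0'; i++)
    {
        unsigned char a = (unsigned char) primary[i];
        unsigned char b = (unsigned char) role[i];
        if (caseins_users ? tolower(a) != tolower(b) : a != b)
            return false;
    }
    return primary[i] == role[i]; /* both strings must end together */
}

int main(void)
{
    /* Constructed principal: the KDC returns the name in upper case. */
    printf("strict=%d caseins=%d\n",
           krb_user_matches("MHA@EXAMPLE.COM", "mha", false),
           krb_user_matches("MHA@EXAMPLE.COM", "mha", true));
    return 0;
}
```

With the flag on, principals that differ only by case (`Admin` and `admin`) resolve to the same role, so the setting is only appropriate where the KDC itself treats names case-insensitively.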