Re: BUG #17740: Connecting postgresql 13 with different psql versions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: gopi(dot)anbumech(at)gmail(dot)com
Cc: pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #17740: Connecting postgresql 13 with different psql versions
Date: 2023-01-09 15:19:25
Message-ID: 4092738.1673277565@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

PG Bug reporting form <noreply(at)postgresql(dot)org> writes:
> With following entries in pg_hba.conf, psql v13 is prompting for password
> for Kerberos connections, whereas psql v11 succeeds connecting without any
> issue.

> local all pgbkp peer map=pgbackrest
> hostssl all +citi_pg_app_read 0.0.0.0/0 gss map=krb
> host all all 0.0.0.0/0 scram-sha-256

> [kdc_test_fid(at)icl-actpsql-vm1 /psql13]$ psql -U app_kdc_test_fid -h x.x.x -d
> postgres -p 1524
> Password for user app_kdc_test_fid:

I suspect the v13 libpq is trying GSSAPI encryption before SSL encryption,
so it falls through the hostssl line and ends up at the catchall.

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2023-01-09 15:40:08 Re: BUG #17739: postgres ts_headline function is not returning matches it should during full text search
Previous Message Tom Lane 2023-01-09 15:13:01 Re: BUG #17743: Bad RIP VALUE