| From: | David Steele <david(at)pgmasters(dot)net> |
|---|---|
| To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Robbie Harwood <rharwood(at)redhat(dot)com> |
| Cc: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH v5] GSSAPI encryption support |
| Date: | 2016-02-25 15:07:13 |
| Message-ID: | 56CF18A1.5060906@pgmasters.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2/25/16 2:08 AM, Michael Paquier wrote:
> On Wed, Feb 24, 2016 at 7:12 PM, Robbie Harwood <rharwood(at)redhat(dot)com> wrote:
>>
>> Not that I can immediately see. As long as the client and server are
>> both patched, everything should work. My process is the same as with
>> previous versions of this patchset [0], and though I'm using FreeIPA
>> there is no reason it shouldn't work with any other KDC (MIT, for
>> instance[1]) provided the IPA calls are converted.
>
> I used a custom krb5kdc set up manually, and all my connection
> attempts are working on HEAD, not with your patch (both client and
> server patched).
I've got the same setup with the same results.
>> I am curious, though - I haven't changed any of the authentication code
>> in v4/v5 from what's in ~master, so how often can you log in using
>> GSSAPI using master?
>
> My guess is that there is something not been correctly cleaned up when
> closing the connection. The first attempt worked for me, not after.
I was able to get in again after a number of failed attempts, though the
number varied.
--
-David
david(at)pgmasters(dot)net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2016-02-25 15:30:33 | Re: Convert pltcl from strings to objects |
| Previous Message | Tom Lane | 2016-02-25 14:47:10 | Re: get current log file |