Re: BUG #17740: Connecting postgresql 13 with different psql versions

Dear Team,

Just to explain my usecase, I just want every connection to try to GSSAPI
authentication first (which is first rule in my pg_hba.conf), and if on
failure it should attempt password authentication next (which is subsequent
rule in pg_hba.conf)

On Tue, 10 Jan 2023 at 20:53, Anbazhagan M <gopi(dot)anbumech(at)gmail(dot)com> wrote:

> Thanks for the clarification Tom Lane.
> Can you guide me to the right documentation or steps on how to add/update
> rules in pg_hba.conf for the possibility of gss-encrypted connections ?
> Because, whenever I establish successful connection with gssapi, I am
> getting below entry in log which shows authenticated=yes, encrypted=no,,
>
> 2023-01-10 02:23:46.835 EST [3813278] LOG: 00000: connection authorized:
> user=app_kdc_test_fid database=postgres application_name=psql SSL enabled
> (protocol=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384, bits=256,
> compression=off) GSS (authenticated=yes, encrypted=no,
> principal=kdc_test_fid/x(dot)x(dot)x(at)WLAB(dot)NET)
>
> On Tue, 10 Jan 2023 at 20:39, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
>> Anbazhagan M <gopi(dot)anbumech(at)gmail(dot)com> writes:
>> > If psql v11 is behaving in a right way, what difference made psql v13 to
>> > behave in a different way ? Was there any changes done between versions
>> of
>> > psql v11 and v13 ?
>>
>> I told you already: I think the relevant difference is the addition of GSS
>> (i.e. Kerberos or equivalent) support starting in v12. Both versions are
>> behaving correctly according to their own feature sets. What is missing
>> is that you need to update your pg_hba.conf to account for the possibility
>> of GSS-encrypted connections.
>>
>> regards, tom lane
>>
>
>
> --
> Regards,
> Anbu
>

--
Regards,
Anbu