| From: | Richard Crampton <rich(dot)crampton(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: BUG #16897: gssenc request slow connection |
| Date: | 2021-02-25 20:52:00 |
| Message-ID: | CAL_nAvUMngJrkj6urXY-GqyDT7Xha_xGZ3Gic-Y0i63Q=5zP1Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Ok, thanks for the feedback. If you don't think it's a PG bug then I guess
we can leave it here.
Given the issue I would have expected more users to have reported a problem
so perhaps it could be my specific setup.
Regards,
Richard
On Thu, 25 Feb 2021, 20:24 Tom Lane, <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Richard Crampton <rich(dot)crampton(at)gmail(dot)com> writes:
> > It's not enabled in my pg_hba.conf which I've attached...
>
> pg_hba.conf has zero to do with this. That's only an after-the-fact
> filter, besides which you haven't actually forbidden gssenc there.
>
> The important questions are (1) was the server built with --with-gssapi
> (probably, if your client was); (2) is a Kerberos ticket available
> to the server? If so, it will be willing to engage in a gss negotiation
> with the client. Given the data you've provided so far, it seems
> highly likely that (1) and (2) are true, since as Stephen says the
> case where gss is immediately rejected shouldn't take long.
>
> I think it's nearly certain that the problem is not really PG's, but
> reflects some sort of issue in your Kerberos/AD infrastructure.
> We don't have enough info to speculate about exactly what, though.
>
> regards, tom lane
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2021-02-25 21:40:32 | Re: BUG #16897: gssenc request slow connection |
| Previous Message | Tom Lane | 2021-02-25 20:24:09 | Re: BUG #16897: gssenc request slow connection |