On Sat, Aug 22, 2015 at 4:06 AM, Robbie Harwood wrote: > > Michael Paquier <michael.paqu...@gmail.com> writes: > > Going through the docs, the overall approach taken by the patch looks neat, > > and the default values as designed for both the client and the server are > > good things to do. Now actually looking at the code I am suspecting that > > some code portions could be largely simplified in the authentication > > protocol code, though I don't have the time yet to look at that in details. > > If there are ways to make it simpler without sacrificing clarity, I > welcome them. Fresh eyes could definitely help with that!
I'll look at that more at next week or the week after. > > Also, when trying to connect with GSSAPI, I found the following problem: > > psql: lost synchronization with server: got message type "S", length 22 > > This happens whatever the value of require_encrypt on server-side is, > > either 0 or 1. > > Well that's not good! Since I'm not seeing this failure (even after > rebuilding my setup with patches applied to master), can you give me > more information here? Since it's independent of require_encrypt, can > you verify it doesn't happen on master without my patches? Well, I imagine that I have done nothing complicated... I have simply set up a Kerberos KDC on a dev box, created necessary credentials on this box in a keytab file that I have used afterwards to initialize a Kerberos context with kinit for the psql client. On master things worked fine, I was able to connect via gssapi. But with your patch the communication protocol visibly lost track of the messages. I took a memo about that, it's a bit rough, does not use pg_ident, but if that can help: http://michael.otacoo.com/manuals/postgresql/kerberos/ > What messages went over the wire to/from the server before this occurred (and > what was it trying to send at the time)? I haven't checked what were the messages sent over the network yet. > Did you have valid credentials? Yep. I just tried on master before switching to a build with your patch that failed. After moving back to master things worked again. -- Michael -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
