Patch applied.  Thanks.  I manually updated postgresql.conf.sample.

---------------------------------------------------------------------------


Magnus Hagander wrote:
> Here's an updated version of the patch, with the following changes:
> 
> 1) No longer uses "service name" as "application version". It's instead
> hardcoded as "postgres". It could be argued that this part should be
> backpatched to 8.0, but it doesn't make a big difference until you can
> start changing it with GUC / connection parameters. This change only
> affects kerberos 5, not 4.
> 
> 2) Now downcases kerberos usernames when the client is running on win32.
> 
> 3) Adds guc option for "krb_caseins_users" to make the server ignore
> case mismatch which is required by some KDCs such as Active Directory.
> Off by default, per discussion with Tom. This change only affects
> kerberos 5, not 4.
> 
> 4) Updated so it doesn't conflict with the rendevouz/bonjour patch
> already in ;-)
> 
> //Magnus
> 
> 
> 
> >-----Original Message-----
> >From: [EMAIL PROTECTED] 
> >[mailto:[EMAIL PROTECTED] On Behalf Of 
> >Magnus Hagander
> >Sent: den 22 maj 2005 17:26
> >To: Bruce Momjian
> >Cc: PostgreSQL-patches
> >Subject: Re: [PATCHES] Updated kerberos service name patch
> >
> >
> >Hi!
> >
> >Please do not apply this patch in it's current state. It contains a
> >small bug that appears to trigger a DOS vulnerability in the MIT
> >Kerberos libraries. I will submit a new patch shortly that does not
> >expose this bug to a configurable parameter (it can still be exposed by
> >hacking the code since the issue appears in the kerberos libs, but
> >there's not much we can do there. I'm also contacting the MIT Kerberos
> >team about a fix there)
> >
> >//Magnus
> >
> >>-----Original Message-----
> >>From: Bruce Momjian [mailto:[EMAIL PROTECTED] 
> >>Sent: den 20 maj 2005 19:00
> >>To: Magnus Hagander
> >>Cc: PostgreSQL-patches
> >>Subject: Re: [PATCHES] Updated kerberos service name patch
> >>
> >>
> >>
> >>Your patch has been added to the PostgreSQL unapplied patches list at:
> >>
> >>    http://momjian.postgresql.org/cgi-bin/pgpatches
> >>
> >>It will be applied as soon as one of the PostgreSQL committers reviews
> >>and approves it.
> >>
> >>---------------------------------------------------------------
> >>------------
> >>
> >>
> >>Magnus Hagander wrote:
> >>> Here is an updated version of the patch from
> >>> http://candle.pha.pa.us/mhonarc/patches2/msg00025.html. It 
> >>handles the
> >>> options for libpq connections the same way other options 
> >are handled,
> >>> and it also updates the kerberos documentation. It contains 
> >>a couple of
> >>> minor changes to the Kerberos documentation that's not 
> >>directly related
> >>> to this patch, to make it easier to read. And it updates 
> >the Kerberos
> >>> information URL to the current MIT pages.
> >>> 
> >>> I refactored my own code so now the Kerberos 4 specific 
> >>changes are very
> >>> small. I have not verified them, but I think they shuold work. That
> >>> doesn't mean I'm still in favour of ripping out the krb4 
> >>code, just that
> >>> it's fairly easy to do it as a separate step instead.
> >>> 
> >>> //Magnus
> >>
> >>Content-Description: krbsrvname.patch
> >>
> >>[ Attachment, skipping... ]
> >>
> >>> 
> >>> ---------------------------(end of 
> >>broadcast)---------------------------
> >>> TIP 9: the planner will ignore your desire to choose an 
> >>index scan if your
> >>>       joining column's datatypes do not match
> >>
> >>-- 
> >>  Bruce Momjian                        |  http://candle.pha.pa.us
> >>  pgman@candle.pha.pa.us               |  (610) 359-1001
> >>  +  If your life is a hard drive,     |  13 Roberts Road
> >>  +  Christ can be your backup.        |  Newtown Square, 
> >>Pennsylvania 19073
> >>
> >
> >---------------------------(end of 
> >broadcast)---------------------------
> >TIP 9: the planner will ignore your desire to choose an index 
> >scan if your
> >      joining column's datatypes do not match
> >

Content-Description: kerberos3.patch

[ Attachment, skipping... ]

> 
> ---------------------------(end of broadcast)---------------------------
> TIP 9: the planner will ignore your desire to choose an index scan if your
>       joining column's datatypes do not match

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]

Reply via email to