Re: BUG #5559: Full SSL verification fails when hostaddr provided

Поиск
Список
Период
Сортировка
От Stephen Frost
Тема Re: BUG #5559: Full SSL verification fails when hostaddr provided
Дата
Msg-id 20100714173942.GM21875@tamriel.snowman.net
обсуждение исходный текст
Ответ на Re: BUG #5559: Full SSL verification fails when hostaddr provided  (Tom Lane <tgl@sss.pgh.pa.us>)
Ответы Re: BUG #5559: Full SSL verification fails when hostaddr provided
Список pgsql-bugs
* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> ... btw, the libpq documentation claims that
>=20
>     If hostaddr is specified without host, the value for hostaddr
>     gives the remote address. When Kerberos is used, a reverse name
>     query occurs to obtain the host name for Kerberos.
>=20
> but so far as I can see this is flat wrong.  pg_krb5_sendauth throws
> an error if you didn't provide a host name, and so do the other places
> in fe-auth.c that need the host name.  What we're about to do to SSL
> verification will match that.  So I think the docs need a fix here.

I think the confusion here is that the *Kerberos* libraries do the
reverse-DNS lookup to get the hostname to request as part of the
principal.  It's true that we don't, but that doesn't mean it's not
done.  Not sure where or if we need to discuss how Kerberos works in the
libpq documentation or what the context is for the above, but I'm pretty
sure that's where the original wording came from.

    Thanks,

        Stephen

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: BUG #5559: Full SSL verification fails when hostaddr provided
Следующее
От: Tom Lane
Дата:
Сообщение: Re: BUG #5559: Full SSL verification fails when hostaddr provided