Re: [EXT] Re: GSS Auth issue when user member of lots of AD groups

On Tue, May 27, 2025 at 3:15 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> I don't think so, because that would create exactly the cross-version
> discrepancy we need to avoid.  (That is, if sender thinks it can do
> 16384 when receiver's limit is 16384-4, kaboom.)  The patch proposes
> to allow slop in this during the auth phase when the packet size is
> really being determined by the underlying GSSAPI library anyway.
> But once we're past that and our own code is slicing up the data
> stream into packets, I think the max packet size is indeed an
> inalterable part of the protocol.

Oh, I see. Yeah, that's unfortunate but makes sense.

> Could we address your confusion by improving the comment about the
> packet-size #define to point out that it includes the header word?

Yes, I think so.

Thanks!
--Jacob