Re: [EXT] Re: GSS Auth issue when user member of lots of AD groups

On Thu, May 29, 2025 at 11:41 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Jacob Champion <jacob.champion@enterprisedb.com> writes:
> > I plan to get a full test+review back to you by end-of-day. (I don't
> > see anything obviously scary yet, so if I miss my self-imposed
> > deadline, no need to wait for me.)
>
> Sure, no rush.  I just thought I'd get this off my queue if
> you were done looking.

Okay, on closer review this LGTM.

I was trying to get src/test/kerberos to shove a bunch of
authorization data into its tickets, but I haven't figured out how to
get krb5kdc to do that yet, so Chris's tests are the best we have at
the moment. Eventually I'll get around to reading the ASN.1 so that
pg-pytest can test this case, but that's not a job for today. Chris,
I'm curious: what's the failure look like for the "1. Patched Client
to Unpatched Server" case when the ticket is bigger than 16k?

Thanks!
--Jacob