Re: [PATCH v20] GSSAPI encryption support

On 2019-04-05 14:48, Stephen Frost wrote:
> All of it was built against the OS-provided Kerberos install, and you
> got the failure..?

right

> On a failure to set up an encrypted connection, we'll actually fall back
> to a non-encrypted one using GSSAPI *just* for authentication, which is> why I was asking if this worked before the
encryptionpatch went in.
 

The tests have always worked before.  I've run them probably hundreds of
times.

> Also, which of the tests are still failing, exactly?  The authentication
> ones or the encryption ones or both?

Only the encryption ones:

not ok 1 - GSS-encrypted access

#   Failed test 'GSS-encrypted access'
#   at t/002_enc.pl line 170.
#          got: '2'
#     expected: '0'
ok 2 - GSS encryption disabled
not ok 3 - GSS encryption without auth

#   Failed test 'GSS encryption without auth'
#   at t/002_enc.pl line 170.
#          got: '2'
#     expected: '0'
not ok 4 - GSS unencrypted fallback

#   Failed test 'GSS unencrypted fallback'
#   at t/002_enc.pl line 170.
#          got: '2'
#     expected: '0'
ok 5 - GSS unencrypted fallback prevention

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services