On 2019-04-05 14:48, Stephen Frost wrote:
> All of it was built against the OS-provided Kerberos install, and you
> got the failure..?
right
> On a failure to set up an encrypted connection, we'll actually fall back
> to a non-encrypted one using GSSAPI *just* for authentication, which is> why I was asking if this worked before the
encryptionpatch went in.
The tests have always worked before. I've run them probably hundreds of
times.
> Also, which of the tests are still failing, exactly? The authentication
> ones or the encryption ones or both?
Only the encryption ones:
not ok 1 - GSS-encrypted access
# Failed test 'GSS-encrypted access'
# at t/002_enc.pl line 170.
# got: '2'
# expected: '0'
ok 2 - GSS encryption disabled
not ok 3 - GSS encryption without auth
# Failed test 'GSS encryption without auth'
# at t/002_enc.pl line 170.
# got: '2'
# expected: '0'
not ok 4 - GSS unencrypted fallback
# Failed test 'GSS unencrypted fallback'
# at t/002_enc.pl line 170.
# got: '2'
# expected: '0'
ok 5 - GSS unencrypted fallback prevention
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services