[pgpool-hackers: 3837] Re: Dealing with GSSAPI

Umar Hayat m.umarkiani at gmail.com
Thu Oct 1 22:15:18 JST 2020 

Hi Ishii,

I tested your patch and was not able to apply it, so I rebased it. I tested
it on Pgpool 4.1 and it is working as expected.

- GSSAPI Authentication direct to PG13
[umarhayat at localhost pgpool2]# psql -U
"postgres/myrealm.example at MYREALM.EXAMPLE" -h myrealm.example postgres -p
5432
psql (13.0)
GSSAPI-encrypted connection
Type "help" for help.

- GSSAPI Authentication via Pgpool direct to PG13 (before patch)
postgres=# \q
[umarhayat at localhost pgpool2]# psql -U
"postgres/myrealm.example at MYREALM.EXAMPLE" -h myrealm.example postgres -p
9999
psql: error: could not connect to server: server closed the connection
unexpectedly
This probably means the server terminated abnormally
before or while processing the request.

- GSSAPI Authentication via Pgpool direct to PG13 (after patch)
[umarhayat at localhost pgpool2]# psql -U
"postgres/myrealm.example at MYREALM.EXAMPLE" -h myrealm.example postgres -p
9999
psql: error: could not connect to server: ERROR:  failed to authenticate
with backend
DETAIL:  unsupported auth kind received from backend: authkind:7

Regards
Umar Hayat

On Wed, Sep 23, 2020 at 8:15 AM Tatsuo Ishii <ishii at sraoss.co.jp> wrote:

> As you might already know, Pgpool-II currently does not support
> GSSAPI.  Until we support it, I think we need to tell frontend that
> Pgpool-II does not support GSSAPI when frontend requests it. Otherwise
> frontend will have a confusing message from Pgpool-II.
>
> https://www.pgpool.net/pipermail/pgpool-general/2020-September/007353.html
>
> Attached patch should do it. I don't have GSSAPI enabled frontend and
> I cannot test it. I would appreciate if someone tests it out.
>
> Best regards,
> --
> Tatsuo Ishii
> SRA OSS, Inc. Japan
> English: http://www.sraoss.co.jp/index_en.php
> Japanese:http://www.sraoss.co.jp
> _______________________________________________
> pgpool-hackers mailing list
> pgpool-hackers at pgpool.net
> http://www.pgpool.net/mailman/listinfo/pgpool-hackers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20201001/9492a086/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gssapi_v2.diff
Type: application/octet-stream
Size: 676 bytes
Desc: not available
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20201001/9492a086/attachment.obj>

More information about the pgpool-hackers mailing list