Home > mailing lists

Re: BUG #5559: Full SSL verification fails when hostaddr provided - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: BUG #5559: Full SSL verification fails when hostaddr provided
Date	July 14, 2010 19:20:21
Msg-id	10950.1279135209@sss.pgh.pa.us Whole thread Raw
In response to	Re: BUG #5559: Full SSL verification fails when hostaddr provided (Stephen Frost <sfrost@snowman.net>)
Responses	Re: BUG #5559: Full SSL verification fails when hostaddr provided (Stephen Frost <sfrost@snowman.net>)
List	pgsql-bugs

Tree view

Stephen Frost <sfrost@snowman.net> writes:
> I've never found a reason to use hostaddr, so I don't particularly care,
> but it doesn't seem right to break Kerberos auth if you were only given
> an IP address unless hostaddr's entire point is that it will prevent a
> DNS lookup from happening, ever.

Well, given your description we *can't* prevent Kerberos auth from doing
a synchronous reverse-DNS lookup.  So the question is why did that test
get put in, back in 2005?  I have no objection to removing it if that
doesn't lead to crashing, but ...

            regards, tom lane

pgsql-bugs by date:

From: Stephen Frost
Date: 14 July 2010, 18:32:49
Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided

From: Stephen Frost
Date: 14 July 2010, 21:28:15
Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided

Re: BUG #5559: Full SSL verification fails when hostaddr provided - Mailing list pgsql-bugs

Previous

Next