Re: BUG #5559: Full SSL verification fails when hostaddr provided - Mailing list pgsql-bugs

From Tom Lane
Subject Re: BUG #5559: Full SSL verification fails when hostaddr provided
Date
Msg-id 11168.1279225086@sss.pgh.pa.us
Whole thread Raw
In response to Re: BUG #5559: Full SSL verification fails when hostaddr provided  (Stephen Frost <sfrost@snowman.net>)
List pgsql-bugs
Stephen Frost <sfrost@snowman.net> writes:
> * Tom Lane (tgl@sss.pgh.pa.us) wrote:
>> I suggest that we document hostaddr as being an auxiliary field that is
>> not intended to be the primary source of the host name, but merely saves
>> libpq from having to do a forward DNS lookup.  In some cases it will
>> work to supply hostaddr without host, but in others it won't.  We should
>> also state that supplying it does not guarantee no DNS lookups occur,
>> because these external auth libraries will do one anyway.

> That sounds like it implies we'd also remove the check which prevents
> Kerberos from being used and fix it to use hostaddr if host is null.

Uh, no, it implies no such thing.  I don't think that's a "fix", it's
merely fuzzing what the values are for.

Magnus, I'm curious to hear your thoughts on this...

            regards, tom lane

pgsql-bugs by date:

Previous
From: Stephen Frost
Date:
Subject: Re: BUG #5559: Full SSL verification fails when hostaddr provided
Next
From: "Heinz Groote"
Date:
Subject: BUG #5562: icon "terrestrial globe" much too big