Postgres Pro
Downloads
Home   >   mailing lists

BUG #17740: Connecting postgresql 13 with different psql versions - Mailing list pgsql-bugs

From PG Bug reporting form
Subject BUG #17740: Connecting postgresql 13 with different psql versions
Date
Msg-id 17740-f9e629897b58b2c3@postgresql.org
Whole thread Raw
Responses Re: BUG #17740: Connecting postgresql 13 with different psql versions  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-bugs
Tree view 
The following bug has been logged on the website:

Bug reference:      17740
Logged by:          Anbu
Email address:      gopi.anbumech@gmail.com
PostgreSQL version: 13.8
Operating system:   linux
Description:

For GSSAPI Kerberos external authenticated connections, it appears that psql
v13 is not honouring order of the rules specified in pg_hba.conf. Will there
be any difference in way/options with which psql binary has been built ?

With following entries in pg_hba.conf, psql v13 is prompting for password
for Kerberos connections, whereas psql v11 succeeds connecting without any
issue.

local all pgbkp peer map=pgbackrest
hostssl all +citi_pg_app_read 0.0.0.0/0 gss map=krb
host all all 0.0.0.0/0 scram-sha-256

[kdc_test_fid@icl-actpsql-vm1 /psql13]$ psql -U app_kdc_test_fid -h x.x.x -d
postgres -p 1524
Password for user app_kdc_test_fid:

[kdc_test_fid@icl-actpsql-vm1 /psql11]$ psql -U app_kdc_test_fid -h x.x.x -d
postgres -p 1524
psql (11.13, server 13.8)
WARNING: psql major version 11, server major version 13.
Some psql features might not work.
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384,
bits: 256, compression: off)
Type "help" for help.
postgres=>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

But as soon as the this line is commented out in pg_hba.conf, GSSAPI
Kerberos external authenticated connection succeeds for both psql V13 and
v11.
#host all all 0.0.0.0/0 scram-sha-256

[kdc_test_fid@icl-actpsql-vm1 /psql13]$ psql -U app_kdc_test_fid -h x.x.x -d
postgres -p 1524
psql (13.8)
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits:
256, compression: off)
Type "help" for help.
postgres=>

[kdc_test_fid@icl-actpsql-vm1 /psql11]$ psql -U app_kdc_test_fid -h x.x.x -d
postgres -p 1524
psql (11.13, server 13.8)
WARNING: psql major version 11, server major version 13.
Some psql features might not work.
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384,
bits: 256, compression: off)
Type "help" for help.
postgres=>

Note: app_kdc_test_fid user is part of defined group in hba rules.

pgsql-bugs by date:

Previous
From: PG Bug reporting form
Date:
Subject: BUG #17739: postgres ts_headline function is not returning matches it should during full text search
Next
From: PG Bug reporting form
Date:
Subject: BUG #17741: vacuum process hangs after pg_surgery manipulations