Re: Updated kerberos service name patch - Mailing list pgsql-patches
| From | Bruce Momjian |
|---|---|
| Subject | Re: Updated kerberos service name patch |
| Date | |
| Msg-id | 200506042042.j54KgYd10306@candle.pha.pa.us Whole thread Raw |
| In response to | Re: Updated kerberos service name patch ("Magnus Hagander" <mha@sollentuna.net>) |
| List | pgsql-patches |
Patch applied. Thanks. I manually updated postgresql.conf.sample. --------------------------------------------------------------------------- Magnus Hagander wrote: > Here's an updated version of the patch, with the following changes: > > 1) No longer uses "service name" as "application version". It's instead > hardcoded as "postgres". It could be argued that this part should be > backpatched to 8.0, but it doesn't make a big difference until you can > start changing it with GUC / connection parameters. This change only > affects kerberos 5, not 4. > > 2) Now downcases kerberos usernames when the client is running on win32. > > 3) Adds guc option for "krb_caseins_users" to make the server ignore > case mismatch which is required by some KDCs such as Active Directory. > Off by default, per discussion with Tom. This change only affects > kerberos 5, not 4. > > 4) Updated so it doesn't conflict with the rendevouz/bonjour patch > already in ;-) > > //Magnus > > > > >-----Original Message----- > >From: pgsql-patches-owner@postgresql.org > >[mailto:pgsql-patches-owner@postgresql.org] On Behalf Of > >Magnus Hagander > >Sent: den 22 maj 2005 17:26 > >To: Bruce Momjian > >Cc: PostgreSQL-patches > >Subject: Re: [PATCHES] Updated kerberos service name patch > > > > > >Hi! > > > >Please do not apply this patch in it's current state. It contains a > >small bug that appears to trigger a DOS vulnerability in the MIT > >Kerberos libraries. I will submit a new patch shortly that does not > >expose this bug to a configurable parameter (it can still be exposed by > >hacking the code since the issue appears in the kerberos libs, but > >there's not much we can do there. I'm also contacting the MIT Kerberos > >team about a fix there) > > > >//Magnus > > > >>-----Original Message----- > >>From: Bruce Momjian [mailto:pgman@candle.pha.pa.us] > >>Sent: den 20 maj 2005 19:00 > >>To: Magnus Hagander > >>Cc: PostgreSQL-patches > >>Subject: Re: [PATCHES] Updated kerberos service name patch > >> > >> > >> > >>Your patch has been added to the PostgreSQL unapplied patches list at: > >> > >> http://momjian.postgresql.org/cgi-bin/pgpatches > >> > >>It will be applied as soon as one of the PostgreSQL committers reviews > >>and approves it. > >> > >>--------------------------------------------------------------- > >>------------ > >> > >> > >>Magnus Hagander wrote: > >>> Here is an updated version of the patch from > >>> http://candle.pha.pa.us/mhonarc/patches2/msg00025.html. It > >>handles the > >>> options for libpq connections the same way other options > >are handled, > >>> and it also updates the kerberos documentation. It contains > >>a couple of > >>> minor changes to the Kerberos documentation that's not > >>directly related > >>> to this patch, to make it easier to read. And it updates > >the Kerberos > >>> information URL to the current MIT pages. > >>> > >>> I refactored my own code so now the Kerberos 4 specific > >>changes are very > >>> small. I have not verified them, but I think they shuold work. That > >>> doesn't mean I'm still in favour of ripping out the krb4 > >>code, just that > >>> it's fairly easy to do it as a separate step instead. > >>> > >>> //Magnus > >> > >>Content-Description: krbsrvname.patch > >> > >>[ Attachment, skipping... ] > >> > >>> > >>> ---------------------------(end of > >>broadcast)--------------------------- > >>> TIP 9: the planner will ignore your desire to choose an > >>index scan if your > >>> joining column's datatypes do not match > >> > >>-- > >> Bruce Momjian | http://candle.pha.pa.us > >> pgman@candle.pha.pa.us | (610) 359-1001 > >> + If your life is a hard drive, | 13 Roberts Road > >> + Christ can be your backup. | Newtown Square, > >>Pennsylvania 19073 > >> > > > >---------------------------(end of > >broadcast)--------------------------- > >TIP 9: the planner will ignore your desire to choose an index > >scan if your > > joining column's datatypes do not match > > Content-Description: kerberos3.patch [ Attachment, skipping... ] > > ---------------------------(end of broadcast)--------------------------- > TIP 9: the planner will ignore your desire to choose an index scan if your > joining column's datatypes do not match -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
pgsql-patches by date: