Re: BUG #4932: Upgrade 8.2.13 -> 8.4.0 - Kerberos option missing - Mailing list pgsql-bugs

From Peter Much
Subject Re: BUG #4932: Upgrade 8.2.13 -> 8.4.0 - Kerberos option missing
Date
Msg-id 20090722152949.GA61782@gate.oper.dinoex.org
Whole thread Raw
In response to Re: BUG #4932: Upgrade 8.2.13 -> 8.4.0 - Kerberos option missing  (Magnus Hagander <magnus@hagander.net>)
Responses Re: BUG #4932: Upgrade 8.2.13 -> 8.4.0 - Kerberos option missing
List pgsql-bugs
Dear Magnus!

On Wed, Jul 22, 2009 at 11:52:32AM +0200, Magnus Hagander wrote:
! On Wed, Jul 22, 2009 at 11:42, Peter Much<pmc@citylink.dinoex.sub.org> wrote:

! > In chapter 19.3.5 of the manual an option "krb_server_hostname" is
! > mentioned.
! > This option was present in 8.2 but is no longer present in 8.4.0
!
! It is present, only it has now been moved to pg_hba.conf. It is no
! longer in postgresql.conf. My guess is that you tried it configured
! the same way as in previous versions, where there was a global
! parameter in postgresql.conf?

Nearly. I merged my old and new config, noticed the option was gone,
tried it nevertheless and got an error, tried again without it and
obviousely logins did not work.

I confess that I did not carefully study new HBA features - but even
if I had, I am not quite sure if I would have gotten that point at
once.

Now understanding it, I bow in respect - this is indeed a fine
improvement!

! > But _there_is_no_such_thing_ as a "fully qualified hostname"!

! In a very large part of the cases, the fully qualified hostname will
! be the same as the fully qualified interface name for the only
! interface that's configured.

Alright, frankly and just out of band of the topic, let me say
one thing: I am installing systems for the big commercial vendors
for more than a decade now, and this matter was an ongoing annoyance
all of the time.
While at first glance it may be considered just a matter of
convenience, the real trouble starts as soon as one does
high-availability solutions; these will definitely break on such
an assumption, and we end up with patching the hostname on takeover:
so having no functional mailer, unintellegible logfiles, not knowing
for sure on which hardware we admins are logged in, and similar
ugliness more.
Here I am talking about the commercial middleware vendors, who
are really stubborn in this matter - in the OpenSource the situation
is already a thousand times better!

! Anyway, the whole reason for moving the krb_server_hostname parameter
! into pg_hba.conf is to make it *more* flexible to configure situations
! like this.

Indeed, I agree with You, and I am very happy. :)

rgds,
PMc

pgsql-bugs by date:

Previous
From: "Aaron Marcuse-Kubitza"
Date:
Subject: BUG #4933: ts_rewrite() causes segfault when query with more than one node becomes empty
Next
From: Magnus Hagander
Date:
Subject: Re: BUG #4932: Upgrade 8.2.13 -> 8.4.0 - Kerberos option missing