Hi Hackers,
I found one interesting behavior when "--with-gssapi" is enabled,
given a very "common" configuration in gp_hba.conf like below,
host postgres david 192.168.0.114/32 trust
the query message is always encrypted when using a very "common" way
connect to PG server,
$ psql -h pgserver -d postgres -U david
unless I specify "gssencmode=disable" with -d option,
$ psql -h pgserver -U david -d "dbname=postgres gssencmode=disable"
Based on above behaviors, I did a further exercise on kerberos
regression test and found the test coverage is not enough. It should be
enhanced to cover the above behavior when user specified a "host"
followed by "trust" access in pg_hba.conf.
the attachment is a patch to cover the behaviors mentioned above for
kerberos regression test.
Any thoughts?
Thanks,
--
David
Software Engineer
Highgo Software Inc. (Canada)
www.highgo.ca
