Home > mailing lists

Re: BUG #17740: Connecting postgresql 13 with different psql versions - Mailing list pgsql-bugs

From	Anbazhagan M
Subject	Re: BUG #17740: Connecting postgresql 13 with different psql versions
Date	January 9, 2023 19:44:18
Msg-id	CA+SbrTcqfnCxX6JT+pzAUOeneD=VetPC1qQot_wyc_NQabp-Zg@mail.gmail.com Whole thread Raw
In response to	Re: BUG #17740: Connecting postgresql 13 with different psql versions (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: BUG #17740: Connecting postgresql 13 with different psql versions (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-bugs

Tree view

Dear Tom lane,

Is the way in which psql v11 behaved is the expected behaviour?

Any workaround is there for this to make it work as it was when pg 13 was connected with psql v11?

Can i make the ssl to be on and modify the host to hostssl in scram line of pg_hba?

On Mon, 9 Jan, 2023, 8:49 pm Tom Lane, <tgl@sss.pgh.pa.us> wrote:

PG Bug reporting form <noreply@postgresql.org> writes:
> With following entries in pg_hba.conf, psql v13 is prompting for password
> for Kerberos connections, whereas psql v11 succeeds connecting without any
> issue.

> local all pgbkp peer map=pgbackrest
> hostssl all +citi_pg_app_read 0.0.0.0/0 gss map=krb
> host all all 0.0.0.0/0 scram-sha-256

> [kdc_test_fid@icl-actpsql-vm1 /psql13]$ psql -U app_kdc_test_fid -h x.x.x -d
> postgres -p 1524
> Password for user app_kdc_test_fid:

I suspect the v13 libpq is trying GSSAPI encryption before SSL encryption,
so it falls through the hostssl line and ends up at the catchall.

regards, tom lane

pgsql-bugs by date:

From: Alex Richman
Date: 09 January 2023, 19:00:15
Subject: Re: Logical Replica ReorderBuffer Size Accounting Issues

From: Tom Lane
Date: 09 January 2023, 19:50:04
Subject: Re: BUG #17740: Connecting postgresql 13 with different psql versions

Re: BUG #17740: Connecting postgresql 13 with different psql versions - Mailing list pgsql-bugs

Previous

Next