Thread: kerberos regression test enhancement

kerberos regression test enhancement

From
David Zhang
Date:
Hi Hackers,

I found one interesting behavior when "--with-gssapi" is enabled,

given a very "common" configuration in gp_hba.conf like below,

     host            postgres    david   192.168.0.114/32    trust

the query message is always encrypted when using a very "common" way
connect to PG server,

     $ psql -h pgserver -d postgres -U david

unless I specify "gssencmode=disable" with -d option,

     $ psql -h pgserver -U david  -d "dbname=postgres gssencmode=disable"

Based on above behaviors, I did a further exercise on kerberos
regression test and found the test coverage is not enough. It should be
enhanced to cover the above behavior when user specified a "host"
followed by "trust" access in pg_hba.conf.

the attachment is a patch to cover the behaviors mentioned above for
kerberos regression test.

Any thoughts?


Thanks,

--
David

Software Engineer
Highgo Software Inc. (Canada)
www.highgo.ca

Attachment