Stephen Frost <sfr...@snowman.net> writes: > * Tom Lane (t...@sss.pgh.pa.us) wrote: >> ... btw, the libpq documentation claims that >> >> If hostaddr is specified without host, the value for hostaddr >> gives the remote address. When Kerberos is used, a reverse name >> query occurs to obtain the host name for Kerberos. >> >> but so far as I can see this is flat wrong. pg_krb5_sendauth throws >> an error if you didn't provide a host name, and so do the other places >> in fe-auth.c that need the host name. What we're about to do to SSL >> verification will match that. So I think the docs need a fix here.
> I think the confusion here is that the *Kerberos* libraries do the > reverse-DNS lookup to get the hostname to request as part of the > principal. It's true that we don't, but that doesn't mean it's not > done. Not sure where or if we need to discuss how Kerberos works in the > libpq documentation or what the context is for the above, but I'm pretty > sure that's where the original wording came from. Yeah, but the code in fe-auth.c throws an error before the Kerberos libraries get a chance to do any such thing. I suppose that the documentation text was accurate when written, but that was a long time ago. [ pokes in CVS a bit... ] It looks like the insistence that pghost be supplied was added by Magnus on 2005-03-25, probably because the Windows version of Kerberos didn't handle the case correctly; and it's been that way in every release later than 8.0.1. http://archives.postgresql.org/pgsql-committers/2005-03/msg00355.php http://archives.postgresql.org/pgsql-committers/2005-03/msg00356.php That patch did not adjust the documentation wording, but evidently should have. (The claim about a reverse lookup has been in the docs at least since 7.0.) Given the lack of complaints in the past five years, I'm not interested in trying to go back to the old behavior, but we do need to fix the docs. regards, tom lane -- Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-bugs
