Greetings, * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: > Kerberos tests are now failing for me (macOS). I'm seeing > > psql: error: could not connect to server: Over-size error packet sent by > the server. > not ok 3 - GSS encryption without auth > > # Failed test 'GSS encryption without auth' > # at t/002_enc.pl line 170. > # got: '2' > # expected: '0' > > (and repeated for several other tests).
Alright, that over-size error was a bug in the error-handling code, which I've just pushed a fix for. That said... * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: > On 2019-04-04 17:35, Stephen Frost wrote: > > Ok, it looks like there's a server-side error happening here, and it > > would be good to see what that is, so can you send the server logs? > > These errors appear several times in the server logs: > > FATAL: GSSAPI context error > DETAIL: Miscellaneous failure (see text): Decrypt integrity check > failed for checksum type hmac-sha1-96-aes256, key type > aes256-cts-hmac-sha1-96 > > FATAL: accepting GSS security context failed > DETAIL: Miscellaneous failure (see text): Decrypt integrity check > failed for checksum type hmac-sha1-96-aes256, key type > aes256-cts-hmac-sha1-96 This looks like it's a real issue and it's unclear what's going on here. I wonder- are you certain that you're using all the same Kerberos libraries for the KDC, the server, and psql? If you go back to before the GSSAPI encryption patch, does it work..? I've certainly seen interesting issues on MacOS, in particular, due to different Kerberos libraries/tools being installed and I wonder if that's what is going on here. Maybe you could check klist vs. psql wrt what libraries are linked in? Thanks, Stephen
signature.asc
Description: PGP signature
