Re: [PATCH v20] GSSAPI encryption support

On Fri, Apr 19, 2019 at 09:25:14PM -0400, Stephen Frost wrote: > Great, glad to hear it. What you have committed looks fine seen from here. Thanks for taking care of the issue, Stephen. -- Michael signature.asc Description: PGP signature

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Michael Paquier (mich...@paquier.xyz) wrote: > On Mon, Apr 15, 2019 at 08:24:52AM -0400, Stephen Frost wrote: > > The tests are really fast enough with one KDC that I don't think it > > makes sense to have two independent tests. > > Perhaps you should add a comment about the need of

Re: [PATCH v20] GSSAPI encryption support

On 2019-04-16 06:36, Michael Paquier wrote: > +$node->append_conf('pg_hba.conf', > + qq{hostgssenc all all $hostaddr/32 gss map=mymap}); > +$node->restart; > A reload should be enough but not race-condition free, which is why a > set of restarts is done in this test right? (I have noticed that i

Re: [PATCH v20] GSSAPI encryption support

On Mon, Apr 15, 2019 at 08:24:52AM -0400, Stephen Frost wrote: > The tests are really fast enough with one KDC that I don't think it > makes sense to have two independent tests. Perhaps you should add a comment about the need of unicity at the top of 001_auth.pl with a short description of the tes

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > Please find attached a patch which updates the protocol.sgml docs that > Michael mentioned before, and merges the tests into one test file > (while adding in some additional tests to make sure that the server > also agrees with what our expectations are, using the pg_stat_

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: > On 2019-04-09 09:32, Peter Eisentraut wrote: > > On 2019-04-09 04:51, Stephen Frost wrote: > >>> Running just 002_enc.pl by itself passes the tests! > >> Great! I think what I'll do is work to incorporate the two tests back

Re: [PATCH v20] GSSAPI encryption support

On Fri, Apr 12, 2019 at 10:22:03AM +0200, Peter Eisentraut wrote: > Another problem is that the two test files cannot be run in parallel > because they use the same hardcoded data directories. That would have > to be replaced by temporary directories. Please note that I have added an open item ab

Re: [PATCH v20] GSSAPI encryption support

On 2019-04-09 09:32, Peter Eisentraut wrote: > On 2019-04-09 04:51, Stephen Frost wrote: >>> Running just 002_enc.pl by itself passes the tests! >> Great! I think what I'll do is work to incorporate the two tests back >> into one script, to avoid whatever the race condition or other confusion >> i

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > Robbie Harwood (rharw...@redhat.com) wrote: >> Bruce Momjian writes: >>> Magnus Hagander wrote: Joe Conway wrote: If it was on the table it might have been better to keep hostgss and change the authentication method to gssauth or something, but t

Re: [PATCH v20] GSSAPI encryption support

On Thu, Apr 11, 2019 at 3:56 PM Robert Haas wrote: > On Wed, Apr 10, 2019 at 9:47 PM Stephen Frost wrote: > > Right, if we changed the name of the auth method then everyone who is > > using the "gss" auth method would have to update their pg_hba.conf > > files... That would be very ugly. Also,

Re: [PATCH v20] GSSAPI encryption support

On Wed, Apr 10, 2019 at 9:47 PM Stephen Frost wrote: > Right, if we changed the name of the auth method then everyone who is > using the "gss" auth method would have to update their pg_hba.conf > files... That would be very ugly. Also, it wasn't implicitly rejected, > it was discussed up-thread

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Robbie Harwood (rharw...@redhat.com) wrote: > Bruce Momjian writes: > > On Wed, Apr 3, 2019 at 08:49:25AM +0200, Magnus Hagander wrote: > >> On Wed, Apr 3, 2019 at 12:22 AM Joe Conway wrote: > >> > >> Personally I don't find it as confusing as is either, and I find > >> hostgss to

Re: [PATCH v20] GSSAPI encryption support

Bruce Momjian writes: > On Wed, Apr 3, 2019 at 08:49:25AM +0200, Magnus Hagander wrote: >> On Wed, Apr 3, 2019 at 12:22 AM Joe Conway wrote: >> >> Personally I don't find it as confusing as is either, and I find >> hostgss to be a good analog of hostssl. On the other hand hostgssenc >> is long

Re: [PATCH v20] GSSAPI encryption support

On Wed, Apr 3, 2019 at 08:49:25AM +0200, Magnus Hagander wrote: > On Wed, Apr 3, 2019 at 12:22 AM Joe Conway wrote: > Personally I don't find it as confusing as is either, and I find hostgss > to be a good analog of hostssl. On the other hand hostgssenc is long and > unintuitive. So +

Re: [PATCH v20] GSSAPI encryption support

On 2019-04-09 06:11, Tom Lane wrote: > I tried to replicate this on my own laptop (macOS 10.14.4 ... I do not > think there is or ever will be a 10.14.14). right > kerberos test fails immediately: > > 1..4 > # setting up Kerberos > # Running: krb5-config --version > # Running: kdb5_util create -

Re: [PATCH v20] GSSAPI encryption support

On 2019-04-09 04:51, Stephen Frost wrote: >> Running just 002_enc.pl by itself passes the tests! > Great! I think what I'll do is work to incorporate the two tests back > into one script, to avoid whatever the race condition or other confusion > is happening on macOS here. That seems reasonable.

Re: [PATCH v20] GSSAPI encryption support

Peter Eisentraut writes: > On 2019-04-05 23:37, Stephen Frost wrote: >> I've also reached out to some colleagues about having one of them test >> with MacOS. What version are you on..? > macOS 10.14.14 it says. I tried to replicate this on my own laptop (macOS 10.14.4 ... I do not think there

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: > On 2019-04-05 23:37, Stephen Frost wrote: > > I wonder if somehow the keytab file that the server is using isn't > > getting destroyed between the two test runs and so you're ending up with > > the server using the key from

Re: [PATCH v20] GSSAPI encryption support

On 2019-04-05 23:37, Stephen Frost wrote: > I wonder if somehow the keytab file that the server is using isn't > getting destroyed between the two test runs and so you're ending up with > the server using the key from the old KDC, while the user is using the > new one..? Or something is equally go

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: > On 2019-04-05 14:48, Stephen Frost wrote: > > On a failure to set up an encrypted connection, we'll actually fall back > > to a non-encrypted one using GSSAPI *just* for authentication, which is> > > why I was asking if thi

Re: [PATCH v20] GSSAPI encryption support

On 2019-04-05 14:48, Stephen Frost wrote: > All of it was built against the OS-provided Kerberos install, and you > got the failure..? right > On a failure to set up an encrypted connection, we'll actually fall back > to a non-encrypted one using GSSAPI *just* for authentication, which is> why >

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: >> On 2019-04-05 04:59, Stephen Frost wrote: >> >>> Alright, that over-size error was a bug in the error-handling code, >>> which I've just pushed a fix for. That said... >> >> Yes, that looks better now. > > G

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: > On 2019-04-05 04:59, Stephen Frost wrote: > > Alright, that over-size error was a bug in the error-handling code, > > which I've just pushed a fix for. That said... > > Yes, that looks better now. Great. > > This looks l

Re: [PATCH v20] GSSAPI encryption support

On 2019-04-05 04:59, Stephen Frost wrote: > Alright, that over-size error was a bug in the error-handling code, > which I've just pushed a fix for. That said... Yes, that looks better now. > This looks like it's a real issue and it's unclear what's going on here. > I wonder- are you certain that

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: > Kerberos tests are now failing for me (macOS). I'm seeing > > psql: error: could not connect to server: Over-size error packet sent by > the server. > not ok 3 - GSS encryption without auth > > # Failed test 'GSS encryp

Re: [PATCH v20] GSSAPI encryption support

On 2019-04-04 17:35, Stephen Frost wrote: > Ok, it looks like there's a server-side error happening here, and it > would be good to see what that is, so can you send the server logs? These errors appear several times in the server logs: FATAL: GSSAPI context error DETAIL: Miscellaneous failure

Re: [PATCH v20] GSSAPI encryption support

Tom Lane writes: > I wrote: >> Stephen Frost writes: >>> So I'm a bit surprised that it's taking 4 minutes for you. I wonder if >>> there might be an issue related to the KDC wanting to get some amount of >>> random data and the system you're on isn't producing random bytes very >>> fast..? > >

Re: [PATCH v20] GSSAPI encryption support

Tom Lane writes: > Stephen Frost writes: >> * Tom Lane (t...@sss.pgh.pa.us) wrote: >>> Well, if the caller thinks what is being passed back is an int, >>> it will do a 32-to-64-bit widening, which is almost certainly >>> going to result in a corrupted pointer. > >> Oh, good point. Interesting t

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > * Tom Lane (t...@sss.pgh.pa.us) wrote: >> Watching the test logs, I see that essentially all the time on the RHEL6 >> machine is consumed by the two >> # Running: /usr/sbin/kdb5_util create -s -P secret0 >> steps. Is there a case for merging the two scripts so we only have

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > I wrote: > > Stephen Frost writes: > >> So I'm a bit surprised that it's taking 4 minutes for you. I wonder if > >> there might be an issue related to the KDC wanting to get some amount of > >> random data and the system you're on isn't produci

Re: [PATCH v20] GSSAPI encryption support

I wrote: > Stephen Frost writes: >> So I'm a bit surprised that it's taking 4 minutes for you. I wonder if >> there might be an issue related to the KDC wanting to get some amount of >> random data and the system you're on isn't producing random bytes very >> fast..? > Not sure. This is my usua

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: > Kerberos tests are now failing for me (macOS). I'm seeing > > psql: error: could not connect to server: Over-size error packet sent by > the server. > not ok 3 - GSS encryption without auth > > # Failed test 'GSS encryp

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > * Tom Lane (t...@sss.pgh.pa.us) wrote: >> There must be something about the x86_64 ABI that allows this to >> accidentally work -- maybe integers are presumed to be sign-extended >> to 64 bits by callee not caller? I added some logging and verified >> that pgstat.c is seei

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > * Tom Lane (t...@sss.pgh.pa.us) wrote: > >> Well, if the caller thinks what is being passed back is an int, > >> it will do a 32-to-64-bit widening, which is almost certainly > >> going to result in a corrupted pointer.

Re: [PATCH v20] GSSAPI encryption support

On 2019-04-04 17:16, Tom Lane wrote: > BTW, the kerberos test suite takes nearly 4 minutes for me, is > it supposed to be so slow? I've seen this on some virtualized machines that didn't have a lot of entropy. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 2

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > * Tom Lane (t...@sss.pgh.pa.us) wrote: >> Well, if the caller thinks what is being passed back is an int, >> it will do a 32-to-64-bit widening, which is almost certainly >> going to result in a corrupted pointer. > Oh, good point. Interesting that it still works then. T

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > * Tom Lane (t...@sss.pgh.pa.us) wrote: > >> I'm not very sure why the integer/pointer confusion in pgstat_bestart > >> doesn't cause hard crashes when using gss auth --- or does > >> this suite not actually test that? >

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > * Tom Lane (t...@sss.pgh.pa.us) wrote: >> I'm not very sure why the integer/pointer confusion in pgstat_bestart >> doesn't cause hard crashes when using gss auth --- or does >> this suite not actually test that? > Isn't it just saying that because of the implicit declarati

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Stephen Frost writes: > > On Thu, Apr 4, 2019 at 05:20 Peter Eisentraut < > > peter.eisentr...@2ndquadrant.com> wrote: > >> Kerberos tests are now failing for me (macOS). > > > Interesting, they work locally for me on Ubuntu. Unfortunately, I

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > On Thu, Apr 4, 2019 at 05:20 Peter Eisentraut < > peter.eisentr...@2ndquadrant.com> wrote: >> Kerberos tests are now failing for me (macOS). > Interesting, they work locally for me on Ubuntu. Unfortunately, I don’t > have macOS. This only happens when encryption is being

Re: [PATCH v20] GSSAPI encryption support

Greetings, On Thu, Apr 4, 2019 at 05:20 Peter Eisentraut < peter.eisentr...@2ndquadrant.com> wrote: > Kerberos tests are now failing for me (macOS). I'm seeing > > psql: error: could not connect to server: Over-size error packet sent by > the server. > not ok 3 - GSS encryption without auth > >

Re: [PATCH v20] GSSAPI encryption support

Kerberos tests are now failing for me (macOS). I'm seeing psql: error: could not connect to server: Over-size error packet sent by the server. not ok 3 - GSS encryption without auth # Failed test 'GSS encryption without auth' # at t/002_enc.pl line 170. # got: '2' # expected: '0

Re: [PATCH v20] GSSAPI encryption support

On Wed, Apr 03, 2019 at 10:09:54PM -0400, Stephen Frost wrote: > Yes, that’s a fair point. I’ll work on adding documentation to > protocol.sgml for the GSSAPI encrypted setup and message passing. Thanks. I have added an open item to track. -- Michael signature.asc Description: PGP signature

Re: [PATCH v20] GSSAPI encryption support

Greetings, On Wed, Apr 3, 2019 at 22:02 Michael Paquier wrote: > On Wed, Apr 03, 2019 at 05:51:06PM -0400, Stephen Frost wrote: > > Thanks so much for pushing on it for so long, it’s a great feature to > have! > > Glad to see that the final result is using an API layer in > be-secure.c and that

Re: [PATCH v20] GSSAPI encryption support

On Wed, Apr 03, 2019 at 05:51:06PM -0400, Stephen Frost wrote: > Thanks so much for pushing on it for so long, it’s a great feature to have! Glad to see that the final result is using an API layer in be-secure.c and that we have tests. Now, shouldn't there be some documentation in protocol.sgml f

Re: [PATCH v20] GSSAPI encryption support

Greetings Robbie, On Wed, Apr 3, 2019 at 17:47 Robbie Harwood wrote: > Stephen Frost writes: > > > On Wed, Apr 3, 2019 at 16:01 Andres Freund wrote: > >> On 2019-04-03 10:43:33 -0400, Stephen Frost wrote: > >> > >>> I'll push this in a few hours unless there's anything else. > >> > >> The CF e

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > On Wed, Apr 3, 2019 at 16:01 Andres Freund wrote: >> On 2019-04-03 10:43:33 -0400, Stephen Frost wrote: >> >>> I'll push this in a few hours unless there's anything else. >> >> The CF entry for this is still open - is there any work missing? Just >> trying to do some tria

Re: [PATCH v20] GSSAPI encryption support

Greetings, On Wed, Apr 3, 2019 at 16:01 Andres Freund wrote: > Hi, > > On 2019-04-03 10:43:33 -0400, Stephen Frost wrote: > > I'll push this in a few hours unless there's anything else. > > The CF entry for this is still open - is there any work missing? Just > trying to do some triage... > > ht

Re: [PATCH v20] GSSAPI encryption support

Hi, On 2019-04-03 10:43:33 -0400, Stephen Frost wrote: > I'll push this in a few hours unless there's anything else. The CF entry for this is still open - is there any work missing? Just trying to do some triage... https://commitfest.postgresql.org/22/1647/ - Andres

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Magnus Hagander (mag...@hagander.net) wrote: > On Wed, Apr 3, 2019 at 12:22 AM Joe Conway wrote: > > On 4/2/19 6:18 PM, Stephen Frost wrote: > > > On Tue, Apr 2, 2019 at 18:10 Peter Eisentraut > > > > > > wrote: > > > > > > On 2019-02-23

Re: [PATCH v20] GSSAPI encryption support

On Wed, Apr 3, 2019 at 12:22 AM Joe Conway wrote: > On 4/2/19 6:18 PM, Stephen Frost wrote: > > Greetings, > > > > On Tue, Apr 2, 2019 at 18:10 Peter Eisentraut > > > > wrote: > > > > On 2019-02-23 17:27, Stephen Frost wrote: > > >> About pg_hba.c

Re: [PATCH v20] GSSAPI encryption support

On 4/2/19 6:18 PM, Stephen Frost wrote: > Greetings, > > On Tue, Apr 2, 2019 at 18:10 Peter Eisentraut > > wrote: > > On 2019-02-23 17:27, Stephen Frost wrote: > >> About pg_hba.conf: The "hostgss" keyword seems a bit confusing.  > It only >

Re: [PATCH v20] GSSAPI encryption support

Greetings, On Tue, Apr 2, 2019 at 18:10 Peter Eisentraut < peter.eisentr...@2ndquadrant.com> wrote: > On 2019-02-23 17:27, Stephen Frost wrote: > >> About pg_hba.conf: The "hostgss" keyword seems a bit confusing. It only > >> applies to encrypted gss-using connections, not all of them. Maybe >

Re: [PATCH v20] GSSAPI encryption support

On 2019-02-23 17:27, Stephen Frost wrote: >> About pg_hba.conf: The "hostgss" keyword seems a bit confusing. It only >> applies to encrypted gss-using connections, not all of them. Maybe >> "hostgssenc" or "hostgsswrap"? > Not quite sure what you mean here, but 'hostgss' seems to be quite well >

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > One of the things that I really didn't care for in this patch was the > use of the string buffers, without any real checks (except for "oh, > you tried to allocated over 1G"...) to make sure that the other side > of the connection wasn't feeding us ridiculous packets, and

Re: [PATCH v20] GSSAPI encryption support

Greetings! * Robbie Harwood (rharw...@redhat.com) wrote: > Stephen Frost writes: > > * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: > >> Or maybe we avoid that, and you rename be-secure-gssapi.c to just > >> be-gssapi.c and also combine that with the contents of > >> be-gssapi-commo

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: > >> Or maybe we avoid that, and you rename be-secure-gssapi.c to just >> be-gssapi.c and also combine that with the contents of >> be-gssapi-common.c. > > I don't know why we would need to, or want to, combine >

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Peter Eisentraut (peter.eisentr...@2ndquadrant.com) wrote: > I don't know much about GSSAPI, but from what I can tell, this seems an > attractive feature, and the implementation is compact enough. I have > done a bit of work on the internal SSL API refactoring, so I have some > thoug

Re: [PATCH v20] GSSAPI encryption support

I don't know much about GSSAPI, but from what I can tell, this seems an attractive feature, and the implementation is compact enough. I have done a bit of work on the internal SSL API refactoring, so I have some thoughts on this patch. Looking at the file structure, we would have be-secure.c be-

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > * Robbie Harwood (rharw...@redhat.com) wrote: >> Stephen Frost writes: >>> * Robbie Harwood (rharw...@redhat.com) wrote: >>> Sure! I'll go ahead and hack up the checks and lucid stuff and get back to you. >>> >>> Great! I'll finish fleshing out the basics of h

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Robbie Harwood (rharw...@redhat.com) wrote: > Stephen Frost writes: > > * Robbie Harwood (rharw...@redhat.com) wrote: > >> Sure! I'll go ahead and hack up the checks and lucid stuff and get > >> back to you. > > > > Great! I'll finish fleshing out the basics of how to have this wor

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > * Robbie Harwood (rharw...@redhat.com) wrote: >> Stephen Frost writes: >>> * Robbie Harwood (rharw...@redhat.com) wrote: Stephen Frost writes: > * Robbie Harwood (rharw...@redhat.com) wrote: > >> Attached please find version 20 of the GSSAPI encryption s

Re: [PATCH v20] GSSAPI encryption support

On 2019-02-18 16:32, Stephen Frost wrote: > Considering this is only the second encryption protocol in the project's > lifetime, I agree that using callbacks would be overkill here. What > other encryption protocols are you thinking we would be adding here? I > think most would be quite hard-pres

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Robbie Harwood (rharw...@redhat.com) wrote: > Andres Freund writes: > > > On 2018-12-18 14:12:46 -0500, Robbie Harwood wrote: > > > >> Subject: [PATCH] libpq GSSAPI encryption support > > > > Could some of these be split into separate patches that could be more > > eagerly merged? T

Re: [PATCH v20] GSSAPI encryption support

Andres Freund writes: > On 2018-12-18 14:12:46 -0500, Robbie Harwood wrote: > >> Subject: [PATCH] libpq GSSAPI encryption support > > Could some of these be split into separate patches that could be more > eagerly merged? This is a somewhat large patch... What splits do you propose? (It's been

Re: [PATCH v20] GSSAPI encryption support

Hi, On 2018-12-18 14:12:46 -0500, Robbie Harwood wrote: > From 6915ae2507bf7910c5eecfbd0b84805531c16a07 Mon Sep 17 00:00:00 2001 > From: Robbie Harwood > Date: Thu, 10 May 2018 16:12:03 -0400 > Subject: [PATCH] libpq GSSAPI encryption support > > On both the frontend and backend, prepare for GSS

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > * Robbie Harwood (rharw...@redhat.com) wrote: >> Stephen Frost writes: >>> * Robbie Harwood (rharw...@redhat.com) wrote: Stephen Frost writes: > * Robbie Harwood (rharw...@redhat.com) wrote: > >> Attached please find version 20 of the GSSAPI encryption s

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Robbie Harwood (rharw...@redhat.com) wrote: > Stephen Frost writes: > > * Robbie Harwood (rharw...@redhat.com) wrote: > >> Stephen Frost writes: > >>> * Robbie Harwood (rharw...@redhat.com) wrote: > >>> > Attached please find version 20 of the GSSAPI encryption support. >

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > * Robbie Harwood (rharw...@redhat.com) wrote: >> Stephen Frost writes: >>> * Robbie Harwood (rharw...@redhat.com) wrote: >>> Attached please find version 20 of the GSSAPI encryption support. This has been rebased onto master (thanks Stephen for calling out

Re: [PATCH v20] GSSAPI encryption support

Greetings, * Robbie Harwood (rharw...@redhat.com) wrote: > Stephen Frost writes: > > * Robbie Harwood (rharw...@redhat.com) wrote: > >> Attached please find version 20 of the GSSAPI encryption support. > >> This has been rebased onto master (thanks Stephen for calling out > >> ab69ea9). > > > > I

Re: [PATCH v20] GSSAPI encryption support

Stephen Frost writes: > * Robbie Harwood (rharw...@redhat.com) wrote: > >> Attached please find version 20 of the GSSAPI encryption support. >> This has been rebased onto master (thanks Stephen for calling out >> ab69ea9). > > I've looked over this again and have been playing with it off-and-on >

Re: [PATCH v20] GSSAPI encryption support

Greetings Robbie, * Robbie Harwood (rharw...@redhat.com) wrote: > Attached please find version 20 of the GSSAPI encryption support. This > has been rebased onto master (thanks Stephen for calling out ab69ea9). > Other changes since v19 from Stephen's review: > > - About 100 lines of new comments

[PATCH v20] GSSAPI encryption support

Hello friends, Attached please find version 20 of the GSSAPI encryption support. This has been rebased onto master (thanks Stephen for calling out ab69ea9). Other changes since v19 from Stephen's review: - About 100 lines of new comments - pgindent run over code (only the stuff I'm changing; it