Participants
Henry B. Hotz
Henry B. Hotz
Peter Eisentraut
Peter Eisentraut
Bruce Momjian
Bruce Momjian
Daniel Kouril
Daniel Kouril
Attachments
Show all attachments
Thread Outline
#1Henry B. HotzHenry B. Hotz
May 30, 2003
#2Peter EisentrautPeter Eisentrautto Henry B. Hotz (#1)
Jun 01, 2003
#3Henry B. HotzHenry B. Hotzto Peter Eisentraut (#2)
Jun 01, 2003
#4Daniel KourilDaniel Kourilto Henry B. Hotz (#3)
Jun 02, 2003
#5Bruce MomjianBruce Momjianto Daniel Kouril (#4)
Jun 06, 2003
#6Peter EisentrautPeter Eisentrautto Bruce Momjian (#5)
Jun 07, 2003
#7Bruce MomjianBruce Momjianto Peter Eisentraut (#6)
Jun 07, 2003

Re: couple socket-connection questions

Started by Henry B. Hotzalmost 23 years ago7 messagesdocs
Jump to latest
#1Henry B. Hotz
Henry B. Hotz
hotz@jpl.nasa.gov

At 9:23 AM +0200 5/30/03, Daniel Kouril wrote:

On Thu, May 29, 2003 at 05:48:44PM -0700, Henry B. Hotz wrote:

Actually that's mod_auth_krb, not kerb. They are different apache
modules and the one without the 'e' is newer. I found out about it
from the PostgreSQL manual. It claims to implement some Microsoft
IETF-draft which is also supported by Mozilla for getting Kerberos
credentials forwarded. If the connection doesn't support the
IETF-draft then it falls back to getting a name/password via basic
auth. With the right options apache will retain the (forwarded or
created) tgt which can be used by mod_perl (or presumably PHP) to
authenticate a connection with PostgreSQL.

I don't know which module is meant by the PostgreSQL docs, but you can have
a look at http://meta.cesnet.cz/software/heimdal/negotiate.en.html
The page contains implementations of exact the functionality refered above.

Interesting.

I just repeated my Google search for mod-without-e and almost the
only hits are the PostgreSQL admin manual. I did find a
cross-reference to a sourceforge page
<http://modauthkerb.sourceforge.net/&gt; which looks an awful lot like
the page I remember for the no-e module --- but it has an e.

My guess is that the module web page had a spelling error once which
was picked up by the PostgreSQL admin manual. The spelling error has
been fixed everywhere now, except at PostgreSQL.

I'm cc'ing the PG doc's list on this reply. Hopefully someone there
can tell us what the real situation is.
--
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

Import Notes
Reply to msg id not found: 20030530072339.GA27594@odorn.ics.muni.czReference msg id not found: 200305281343.XAA96732@au.padl.comReference msg id not found: 20030529130218.GA4296@dsl092-163-146.wdc1.dsl.speakeasy.netReference msg id not found: 200305291310.XAA14959@au.padl.comReference msg id not found: p05111720bafc38450d28@137.78.212.225Reference msg id not found: 200305292252.IAA21419@au.padl.comReference msg id not found: p05111722bafc494a0a6e@137.78.212.225Reference msg id not found: 200305292345.JAA22308@au.padl.comReference msg id not found: p05111729bafc56b73023@137.78.212.225Reference msg id not found: 20030530072339.GA27594@odorn.ics.muni.cz
#2Peter Eisentraut
Peter Eisentraut
peter_e@gmx.net
In reply to: Henry B. Hotz (#1)

Henry B. Hotz writes:

My guess is that the module web page had a spelling error once which
was picked up by the PostgreSQL admin manual. The spelling error has
been fixed everywhere now, except at PostgreSQL.

The mention in the PostgreSQL documentation was once submitted by an
external contributor and might have contained a typo. Would you like to
submit a correction, or should it be removed altogether? I got a little
bit lost about what is correct.

--
Peter Eisentraut peter_e@gmx.net

#3Henry B. Hotz
Henry B. Hotz
hotz@jpl.nasa.gov
In reply to: Peter Eisentraut (#2)

At 11:50 PM +0200 6/1/03, Peter Eisentraut wrote:

Henry B. Hotz writes:

My guess is that the module web page had a spelling error once which
was picked up by the PostgreSQL admin manual. The spelling error has
been fixed everywhere now, except at PostgreSQL.

The mention in the PostgreSQL documentation was once submitted by an
external contributor and might have contained a typo. Would you like to
submit a correction, or should it be removed altogether? I got a little
bit lost about what is correct.

Gee, I was hoping you could tell me what was correct.

I'm guessing the correction should be: change mod_auth_krb to mod_auth_kerb.

I'll post more info in a month or two when I have more info (like
when I've tried it out).
--
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

#4Daniel Kouril
Daniel Kouril
kouril@ics.muni.cz
In reply to: Henry B. Hotz (#3)

On Sun, Jun 01, 2003 at 03:22:04PM -0700, Henry B. Hotz wrote:

At 11:50 PM +0200 6/1/03, Peter Eisentraut wrote:

Henry B. Hotz writes:

My guess is that the module web page had a spelling error once which
was picked up by the PostgreSQL admin manual. The spelling error has
been fixed everywhere now, except at PostgreSQL.

The mention in the PostgreSQL documentation was once submitted by an
external contributor and might have contained a typo. Would you like to
submit a correction, or should it be removed altogether? I got a little
bit lost about what is correct.

Gee, I was hoping you could tell me what was correct.

I'm guessing the correction should be: change mod_auth_krb to
mod_auth_kerb.

The mod_auth_kerb module available from modauthkerb.sf.net doesn't provide
the full kerberos authentication (it only supports password verification
against KDC). Recently I've joined the modauthkerb.sf.net project trying to
incorporate the changes needed to implement full kerberos support, but I'm
not sure when it's ready.

So, as for the PostgreSQL docs, if you don't have any other modules in your
mind, I'd suggest to include references to both these module:
- mod_auth_kerb hosted by Sourceforge at modauthkerb.sf.net
- mod_auth_gss_krb5 available from
http://meta.cesnet.cz/software/negotiate.en.html
You can also state these two modules are being integrated.

Cheers,

--
Dan

#5Bruce Momjian
Bruce Momjian
bruce@momjian.us
In reply to: Daniel Kouril (#4)

Patch applied to documentation to list two mod_auth kerberos projects.
Thanks.

---------------------------------------------------------------------------

Daniel Kouril wrote:

On Sun, Jun 01, 2003 at 03:22:04PM -0700, Henry B. Hotz wrote:

At 11:50 PM +0200 6/1/03, Peter Eisentraut wrote:

Henry B. Hotz writes:

My guess is that the module web page had a spelling error once which
was picked up by the PostgreSQL admin manual. The spelling error has
been fixed everywhere now, except at PostgreSQL.

The mention in the PostgreSQL documentation was once submitted by an
external contributor and might have contained a typo. Would you like to
submit a correction, or should it be removed altogether? I got a little
bit lost about what is correct.

Gee, I was hoping you could tell me what was correct.

I'm guessing the correction should be: change mod_auth_krb to
mod_auth_kerb.

The mod_auth_kerb module available from modauthkerb.sf.net doesn't provide
the full kerberos authentication (it only supports password verification
against KDC). Recently I've joined the modauthkerb.sf.net project trying to
incorporate the changes needed to implement full kerberos support, but I'm
not sure when it's ready.

So, as for the PostgreSQL docs, if you don't have any other modules in your
mind, I'd suggest to include references to both these module:
- mod_auth_kerb hosted by Sourceforge at modauthkerb.sf.net
- mod_auth_gss_krb5 available from
http://meta.cesnet.cz/software/negotiate.en.html
You can also state these two modules are being integrated.

Cheers,

--
Dan

---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

Attachments:

/bjm/difftext/plainDownload+11-11
#6Peter Eisentraut
Peter Eisentraut
peter_e@gmx.net
In reply to: Bruce Momjian (#5)

Bruce Momjian writes:

Patch applied to documentation to list two mod_auth kerberos projects.
Thanks.

Do both of these support AuthType KerberosV5SaveCredentials? I guess not,
from this:

I'm guessing the correction should be: change mod_auth_krb to
mod_auth_kerb.

The mod_auth_kerb module available from modauthkerb.sf.net doesn't provide
the full kerberos authentication (it only supports password verification
against KDC). Recently I've joined the modauthkerb.sf.net project trying to
incorporate the changes needed to implement full kerberos support, but I'm
not sure when it's ready.

--
Peter Eisentraut peter_e@gmx.net

#7Bruce Momjian
Bruce Momjian
bruce@momjian.us
In reply to: Peter Eisentraut (#6)

OK, I didn't understand what supporting only password verification meant
in terms of our software. I will remove the second one.

---------------------------------------------------------------------------

Peter Eisentraut wrote:

Bruce Momjian writes:

Patch applied to documentation to list two mod_auth kerberos projects.
Thanks.

Do both of these support AuthType KerberosV5SaveCredentials? I guess not,
from this:

I'm guessing the correction should be: change mod_auth_krb to
mod_auth_kerb.

The mod_auth_kerb module available from modauthkerb.sf.net doesn't provide
the full kerberos authentication (it only supports password verification
against KDC). Recently I've joined the modauthkerb.sf.net project trying to
incorporate the changes needed to implement full kerberos support, but I'm
not sure when it's ready.

--
Peter Eisentraut peter_e@gmx.net

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
← Back to Topics