On Mon, Jul 24, 2023 at 2:53 PM Tom Lane <t...@sss.pgh.pa.us> wrote: > > We got a complaint at [1] about how a not-so-unreasonable LDAP > configuration can hit the "authentication file token too long, > skipping" error case in hba.c's next_token(). I think we've > seen similar complaints before, although a desultory archives > search didn't turn one up. > > A minimum-change response would be to increase the MAX_TOKEN > constant from 256 to (say) 1K or 10K. But it wouldn't be all > that hard to replace the fixed-size buffer with a StringInfo, > as attached. >
+1 for replacing it with StringInfo. And the patch LGTM! > > Given the infrequency of complaints, I'm inclined to apply > the more thorough fix only in HEAD, and to just raise MAX_TOKEN > in the back branches. Thoughts? > It makes sense to change it only in HEAD. Regards, -- Fabrízio de Royes Mello
