Magnus Hagander <[EMAIL PROTECTED]> writes: > On Tue, Jan 29, 2008 at 03:34:19AM -0500, Kris Jurka wrote: >> Is it possible to authenticate using GSSAPI over the V2 protocol? Is >> there any documentation on the message formats for V2?
> Honestly - don't know :-) Never looked at that part. I tried it --- it's easy to hack libpq so that it does V2 instead of V3: $ diff -c fe-connect.c~ fe-connect.c *** fe-connect.c~ Mon Jan 28 21:06:30 2008 --- fe-connect.c Tue Feb 5 19:35:34 2008 *************** *** 855,861 **** conn->addrlist = addrs; conn->addr_cur = addrs; conn->addrlist_family = hint.ai_family; ! conn->pversion = PG_PROTOCOL(3, 0); conn->status = CONNECTION_NEEDED; /* --- 855,861 ---- conn->addrlist = addrs; conn->addr_cur = addrs; conn->addrlist_family = hint.ai_family; ! conn->pversion = PG_PROTOCOL(2, 0); conn->status = CONNECTION_NEEDED; /* $ The answer is "no, it doesn't work": $ psql -l psql: GSSAPI continuation error: Invalid token was supplied GSSAPI continuation error: No error $ This surprises me; I would have thought the protocol was fairly orthogonal to the auth method. We should look into it and see if there's an easy fix or not. I have no time to poke further right now, though. regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 6: explain analyze is your friend