Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PGcat raises confusing error when client attempts to connect with GSSAPI encoding request #792

Open
AndrewJackson2020 opened this issue Sep 4, 2024 · 4 comments · May be fixed by #797
Open

PGcat raises confusing error when client attempts to connect with GSSAPI encoding request #792

AndrewJackson2020 opened this issue Sep 4, 2024 · 4 comments · May be fixed by #797

Comments

@AndrewJackson2020
Copy link
Contributor

AndrewJackson2020 commented Sep 4, 2024
edited
Loading

LDescribe the bug
PGcat does not support GSSAPI encoding (which is fine) but by default psql will try to use GSSAPI when there is an entry available in klist. Normally when no GSSAPI encoded connection is available it will downgrade to an unencoded connection but with pgcat it will raise the following error message. The workaround is to specify the libc parameter gssencmode=disable but this workaround is not obvious from the error message that is presented to the client.

Problem

$ psql  'postgresql://postgres:postgres@hostname:6433/pgml'
psql: error: connection to server at "hostname" (xx.xx.x.xx), port 6433 failed: server closed the connection unexpectedly
        This probably means the server terminated abnormally
        before or while processing the request.

Workaround

$ psql  'postgresql://postgres:postgres@hostname:6433/pgml?gssencmode=disable'
Timing is on.
psql (15.1, server 15.5)
Type "help" for help.

Expected behavior
The client should be able to gracefully handle not being able to connect with GSSAPI encoding.

Graceful handling of gssapi encoding rejection

$ psql  'postgresql://postgres:postgres@hostname:6433/pgml'
Timing is on.
psql (15.1, server 15.5)
Type "help" for help.

Expected error when gssencmode=require

$ psql  'postgresql://postgres:postgres@hostname:6433/pgml?gssencmode=require'
psql: error: connection to server at "hostname" (xx.xx.x.xx), port 6433 failed: connection to server at "hostname" (xx.xx.x.xx), port 6433 failed: GSSAPI encryption required but was impossible (possibly no credential cache, no server support, or using a local socket)

Desktop

  • OS: Rocky9 Linux
  • Version
$ ./target/debug/pgcat --version
pgcat 1.1.2-dev4
@drdrsh
Copy link
Collaborator

drdrsh commented Sep 4, 2024

What does PgCat logs say.
This message

psql: error: connection to server at "hostname" (xx.xx.x.xx), port 6433 failed: server closed the connection unexpectedly
        This probably means the server terminated abnormally
        before or while processing the request.

Indicates that PgCat closed the connection immediately or panicked

@AndrewJackson2020
Copy link
Contributor Author

This is what raises in the logs.

2024-09-04T15:25:41.785114Z  WARN ThreadId(04) pgcat: Client disconnected with error ProtocolSyncError("Unexpected startup code: 80877104")

80877104 refers to the GSSENCRequest message format documented in https://www.postgresql.org/docs/current/protocol-message-formats.html. Neither of the server or client error messages makes it obvious that the client needs to change the gssencmode query parameter without a lot of documentation searching.

I have a patch that will enable pgcat to handle this scenario more gracefully if you are interested in a PR.

@drdrsh
Copy link
Collaborator

drdrsh commented Sep 5, 2024

PRs are always welcome! 😃

@AndrewJackson2020 AndrewJackson2020 linked a pull request Sep 5, 2024 that will close this issue
Open
@AndrewJackson2020
Copy link
Contributor Author

Just raised PR #797 to fix this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Client GSSENC Request Fix AndrewJackson2020/pgcat
2 participants
@drdrsh @AndrewJackson2020