PGcat raises confusing error when client attempts to connect with GSSAPI encoding request

Question

PGcat raises confusing error when client attempts to connect with GSSAPI encoding request

Opened this issue a month ago · 4 comments

AndrewJackson2020 commented a month ago

LDescribe the bug
PGcat does not support GSSAPI encoding (which is fine) but by default psql will try to use GSSAPI when there is an entry available in klist. Normally when no GSSAPI encoded connection is available it will downgrade to an unencoded connection but with pgcat it will raise the following error message. The workaround is to specify the libc parameter gssencmode=disable but this workaround is not obvious from the error message that is presented to the client.

Problem

$ psql  'postgresql://postgres:postgres@hostname:6433/pgml'
psql: error: connection to server at "hostname" (xx.xx.x.xx), port 6433 failed: server closed the connection unexpectedly
        This probably means the server terminated abnormally
        before or while processing the request.

Workaround

$ psql  'postgresql://postgres:postgres@hostname:6433/pgml?gssencmode=disable'
Timing is on.
psql (15.1, server 15.5)
Type "help" for help.

Expected behavior
The client should be able to gracefully handle not being able to connect with GSSAPI encoding.

Graceful handling of gssapi encoding rejection

$ psql  'postgresql://postgres:postgres@hostname:6433/pgml'
Timing is on.
psql (15.1, server 15.5)
Type "help" for help.

Expected error when gssencmode=require

$ psql  'postgresql://postgres:postgres@hostname:6433/pgml?gssencmode=require'
psql: error: connection to server at "hostname" (xx.xx.x.xx), port 6433 failed: connection to server at "hostname" (xx.xx.x.xx), port 6433 failed: GSSAPI encryption required but was impossible (possibly no credential cache, no server support, or using a local socket)

Desktop

OS: Rocky9 Linux
Version

$ ./target/debug/pgcat --version
pgcat 1.1.2-dev4

Answer 1 · 2024-09-04T15:22:27.000Z

What does PgCat logs say.
This message

psql: error: connection to server at "hostname" (xx.xx.x.xx), port 6433 failed: server closed the connection unexpectedly
        This probably means the server terminated abnormally
        before or while processing the request.

Indicates that PgCat closed the connection immediately or panicked

Answer 2 · 2024-09-04T15:30:25.000Z

This is what raises in the logs.

2024-09-04T15:25:41.785114Z  WARN ThreadId(04) pgcat: Client disconnected with error ProtocolSyncError("Unexpected startup code: 80877104")

80877104 refers to the GSSENCRequest message format documented in https://www.postgresql.org/docs/current/protocol-message-formats.html. Neither of the server or client error messages makes it obvious that the client needs to change the gssencmode query parameter without a lot of documentation searching.

I have a patch that will enable pgcat to handle this scenario more gracefully if you are interested in a PR.

Answer 3 · 2024-09-05T13:27:13.000Z

PRs are always welcome! 😃

Answer 4 · 2024-09-05T15:14:58.000Z

Just raised PR #797 to fix this issue.