Re: SSPI authentication

From: "plabrh1" <plabrh1(at)gmail(dot)com>
To: "'Magnus Hagander'" <magnus(at)hagander(dot)net>
Cc: <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SSPI authentication
Date: 2007-07-18 17:25:26
Message-ID: 003a01c7c960$a25b8a20$ea01a8c0@plab034
Lists: pgsql-hackers

Just the SSPI piece.

Right now we run a mixture of PostgreSQL and SQL Server and the one
frustrating thing is that we have to have separate security architectures for
them. The SQL Server environment is nice because it allows SSPI and
eliminates the need to pass around passwords everywhere.

In the postgres environment, we've worked around that by "Trusting" the
postgres user from certain locked down and protected IP addresses so that we
don't need to store passwords but that would never win any security awards.
:)

SSPI will enable us to create services that run as that registered user and
as long as that user can obtain an authenticated kerb ticket, we can ensure
that they are the user they say they are. Much nicer model...

Looking forward to this release. When will it be available?

Paul

-----Original Message-----
From: Magnus Hagander [mailto:magnus(at)hagander(dot)net]
Sent: Wednesday, July 18, 2007 6:42 AM
To: Paul Silveira
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [HACKERS] SSPI authentication

On Tue, Jul 17, 2007 at 11:00:35AM -0700, Paul Silveira wrote:
>
> This is great. I've worked on 2 projects in the last year that desperately
> needed this. It will certainly make the security model more seamless...

Thanks for letting us know.

Are you interested in just the SSPI parts, or also in being able to use
both SSPI and GSSAPI at the same time?

//Magnus
