Re: Preliminary GSSAPI Patches

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Henry B(dot) Hotz" <hbhotz(at)oxy(dot)edu>
Cc: Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-patches(at)postgresql(dot)org
Subject: Re: Preliminary GSSAPI Patches
Date: 2007-10-10 17:06:32
Message-ID: 19293.1192035992@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-patches

"Henry B. Hotz" <hbhotz(at)oxy(dot)edu> writes:
> You know, I don't know what I was thinking when I sent this. My
> apologies for the late correction.
>
> Anyone who has a copy of the "host" keys for a machine can
> manufacture kerberos tickets for the "host" service on that machine
> masquerading as absolutely anyone (including people who don't
> exist). Same for the "postgres" keys, and if the postgres server can
> steal the host keys (or vice versa) then it's even worse.
> [snip...]

Maybe I'm too dense, but I don't see a conclusion here. Do we need to
change our code, our docs, both, or neither?

regards, tom lane

In response to

Responses

Browse pgsql-patches by date

  From Date Subject
Next Message Magnus Hagander 2007-10-10 17:53:17 Re: Preliminary GSSAPI Patches
Previous Message Tom Lane 2007-10-10 16:51:35 Re: quote_literal with NULL