| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Magnus Hagander <mha(at)sollentuna(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Martijn van Oosterhout <kleptog(at)svana(dot)org>, Florian Weimer <fw(at)deneb(dot)enyo(dot)de>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Upcoming re-releases |
| Date: | 2006-02-11 20:38:49 |
| Message-ID: | 20060211203849.GN4474@ns.snowman.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Magnus Hagander (mha(at)sollentuna(dot)net) wrote:
> > > The way our Kerberos implementation is done, it does *not* validate
> > > the server, just the client. If you want server
> > verification, you must
> > > use a combination of both Kerberos and SSL.
> >
> > Eh? We use mutual authentication in Kerberos...
>
> We do? That's good then :-) I was told by someone that we don't. Never
> really checked into it, since all my installations already use SSL for
> that. So, I'll retract my comment ;)
We pass in 'MUTUAL_REQUIRED' to krb5_sendauth and check the return value
of it correctly... I'd be really curious why 'someone' felt we weren't
doing mutual authentication... I don't see anything obvious..
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kenneth Marshall | 2006-02-11 22:50:48 | Re: SpeedComparison |
| Previous Message | Peter Eisentraut | 2006-02-11 20:31:42 | Re: SpeedComparison |