Re: LibreOffice driver 2: MIT Kerberos vs Microsoft Kerberos

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Lionel Elie Mamane <lionel(at)mamane(dot)lu>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: LibreOffice driver 2: MIT Kerberos vs Microsoft Kerberos
Date: 2011-12-13 14:18:22
Message-ID: 20111213141822.GS24234@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

* Lionel Elie Mamane (lionel(at)mamane(dot)lu) wrote:
> The "gsslib" parameter in the connection string won't work, but will
> that keep users from authenticating to some Kerberos domains, and/or
> are there other (interoperability?) issues that make it strongly
> desirable to link libpq with *both* SSPI *and* MIT krb5 (and its
> gssapi_krb5 library)?

The MIT KRB5 library on Windows is more-or-less defunct now, as I
understand it. pgAdmin3 hasn't been linking against it due to unfixed
security bugs (that don't seem likely to ever be fixed) and because it's
horribly painful to maintain.

The gist of the limitation is this- if you need to support decent
encryption in a cross-realm environment on Windows XP-age systems, you
need MIT KRB5. If you're on Windows 7 or something else recent, the
built-in Windows stuff w/ AES works fine.

Thanks,

Stephen

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Merlin Moncure 2011-12-13 14:29:33 Re: JSON for PG 9.2
Previous Message Greg Smith 2011-12-13 14:11:52 Re: JSON for PG 9.2