From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Deprecations in authentication |
Date: | 2012-10-22 14:24:41 |
Message-ID: | 20121022142441.GJ29165@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Magnus, all,
* Magnus Hagander (magnus(at)hagander(dot)net) wrote:
> On Thu, Oct 18, 2012 at 5:59 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> > That seems like a sufficiently long deprecation window, but is gssapi
> > a full substitute for krb5? I don't really have a strong opinion on
> > this, not being a user myself.
>
> I'm pretty sure that it is.
>
> Stephen, you usually have comments about the Kerberos stuff - want to
> comment on this one? :)
The biggest risk that I can think of regarding deprecating krb5 would be
platforms (if any still exist...) which don't have GSSAPI. Is it
possible to see that from the buildfarm information or from the
configure results that people have for any strange/different platforms
out there? The other question would be if we think anyone's actually
using krb5 on those platforms and/or would people in those situations be
willing/able to move to a different library which supports GSSAPI.
I'm all for deprecating krb5 myself, but I wouldn't want to break things
for people without good cause.
Thanks,
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Andrew Dunstan | 2012-10-22 14:57:33 | Re: Successor of MD5 authentication, let's use SCRAM |
Previous Message | Robert Haas | 2012-10-22 14:18:08 | Re: Successor of MD5 authentication, let's use SCRAM |