Re: Postgresql 8.4 GSSAPI auth with fallback to password prompting?

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Tim Watts <tim(dot)j(dot)watts(at)kcl(dot)ac(dot)uk>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: Postgresql 8.4 GSSAPI auth with fallback to password prompting?
Date: 2013-03-24 18:47:10
Message-ID: 20130324184710.GI4361@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Tim,

* Tim Watts (tim(dot)j(dot)watts(at)kcl(dot)ac(dot)uk) wrote:
> Is it possible to specify GSSAPI auth (with MIT kerberos as the
> backend) but get Postgresql to fallback to prompting for a password
> if a kerberos ticket cannot be supplied by the client - eg because
> the client cannot do GSSAPI or because the client is not part of the
> kerberos realm?

You're right- it's a 'no'. It would also really degrade the security
which you get with Kerberos as you'd undoubtably end up with clients
storing those passwords and using them routinely instead of using
Kerberos.

Thanks,

Stephen

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Andrzej Zawadzki 2013-03-24 19:30:36 Re: Problem with data migration from 9.1 to 9.2
Previous Message Tim Watts 2013-03-21 12:22:11 Postgresql 8.4 GSSAPI auth with fallback to password prompting?