| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: reducing our reliance on MD5 |
| Date: | 2015-02-12 00:48:06 |
| Message-ID: | 20150212004806.GC3854@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> writes:
> > We could also support using a library like that for additional
> > authentication mechanisms, though, for those who really need them.
>
> We've already got a sufficiency of external authentication mechanisms.
> If people wanted to use non-built-in authentication, we'd not be having
> this discussion.
Just to be clear- lots of people *do* use the external authentication
mechanisms we provide, particularly Kerberos/GSSAPI. SASL would bring
us quite a few additional mechanisms (SQL-based, Berkley DB, one-time
passwords, RSA SecurID, etc..) and would mean we might be able to
eventually drop direct GSSAPI and LDAP support and have a better
alternative for those who want to use password-based auth.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2015-02-12 01:11:05 | Re: reducing our reliance on MD5 |
| Previous Message | Andres Freund | 2015-02-12 00:28:15 | Re: Typo in logicaldecoding.sgml |