Re: JAVA Support

From: "Henry B(dot) Hotz" <hotz(at)jpl(dot)nasa(dot)gov>
To: "Josh Berkus" <josh(at)agliodbs(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Magnus Hagander" <mha(at)sollentuna(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: JAVA Support
Date: 2006-09-28 23:05:59
Message-ID: 364730D3-8A56-40CD-9043-D24A1FB79AED@jpl.nasa.gov
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers


On Sep 28, 2006, at 3:03 PM, Josh Berkus wrote:

> Tom,
>
>> It would depend in part on the size of the patch, and on whether
>> there
>> are any arguments for supporting GSSAPI besides "Java can't do
>> Kerberos".
>> What would it buy for a libpq user?
>
> According to the Solaris Security engineers, GSSAPI is more secure
> than
> using the Kerberos headers. Also, in theory GSSAPI is supposed to
> support multiple authentication back-ends (ldap, liberty, etc.), but I
> personally have never seen support for anything but Kerberos.

I think that GSSAPI is more tolerant of connections through NAT's. I
think it's more robust to current network reality, but I'm not aware
it's actually more secure if you're using comparable verification
options.

As noted elsewhere on this thread it's more available.

------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry(dot)B(dot)Hotz(at)jpl(dot)nasa(dot)gov, or hbhotz(at)oxy(dot)edu

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Jim C. Nasby 2006-09-28 23:32:11 Re: New version of money type
Previous Message Henry B. Hotz 2006-09-28 23:01:41 Re: JAVA Support