| From: | "Peter Koczan" <pjkoczan(at)gmail(dot)com> |
|---|---|
| To: | "Henry B(dot) Hotz" <hotz(at)jpl(dot)nasa(dot)gov> |
| Cc: | "Kris Jurka" <books(at)ejurka(dot)com>, pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: JDBC and GSSAPI/Krb5 |
| Date: | 2007-12-06 19:50:06 |
| Message-ID: | 4544e0330712061150q1f3bbeefy5130d068429403fc@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
On Dec 6, 2007 1:47 PM, Peter Koczan <pjkoczan(at)gmail(dot)com> wrote:
> On Dec 6, 2007 1:10 PM, Henry B. Hotz <hotz(at)jpl(dot)nasa(dot)gov> wrote:
> > Thank you. I'm looking at it.
> >
> > I think the changes *should* be localized to v3/
> > ConnectionFactoryImpl.java. I need to see how Magnus changed the
> > wire protocol (he did it differently from what I did), and I need to
> > try a sample program first so I can debug wire/API issues
> > independently from PG issues.
> >
> > I will not even attempt to address the SSPI auth mechanism since I
> > don't understand fully why it exists. SSPI is supposed to just be an
> > alternate C binding for the GSSAPI wire protocol, but there are other
> > issues that confound that statement. I believe that Java should
> > stick to the standard, at least initially.
>
> http://people.planetpostgresql.org/mha/index.php?/archives/155-Integrated-Security-in-PostgreSQL-8.3.html
>
> According to this, SSPI is a Windows-only thing (for both clients and
> servers). Apparently each can authenticate against a "gss" entry in
> pg_hba.conf.
>
> I don't know what implications that has for support in the JDBC
> driver. I'll let you figure that out :-).
Oh, and by "each" I mean both SSPI and GSSAPI.
B'oh.
Peter
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Henry B. Hotz | 2007-12-06 20:00:52 | Re: JDBC and GSSAPI/Krb5 |
| Previous Message | Peter Koczan | 2007-12-06 19:47:36 | Re: JDBC and GSSAPI/Krb5 |