Re: Fwd: [PATCHES] Preliminary GSSAPI Patches

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: josh(at)agliodbs(dot)com
Cc: pgsql-hackers(at)postgresql(dot)org, "Henry B(dot) Hotz" <hotz(at)jpl(dot)nasa(dot)gov>
Subject: Re: Fwd: [PATCHES] Preliminary GSSAPI Patches
Date: 2007-05-01 20:07:47
Message-ID: 46379E13.7020604@hagander.net
Lists: pgsql-hackers

Josh Berkus wrote:
> Magnus,
>
>> I'd also vote for changing the name of the "non encrypted" version to
>> just "gss" instead of "gss-np".
>
> I don't. We'll want to support GSS encryption once we have the code, so we
> should leave the namespace open to address that.

I agree that we should do this, I'm just suggesting different names,
namely "gss" and "gss-sec".

>> Oh, and I do think putting in GSSAPI authentication only (and not
>> encryption) is the way to go for now, since we can do encryption with
>> OpenSSL. It'll make the changes localized to just the authentication.
>
> For now, yes. In the long run, we want to provide users with other methods
> of encrypted connections than the rather flaky and
> not-available-on-every-platform OpenSSL.

Certainly. I'm talking short-term when I say that.

When we eventually do -sec, it might be worthwhile to consider that in
the context of the GnuTLS patches that were thrown around earlier -
maybe something can be done for both of them, so we don't get a hugely
expanded codebase.

//Magnus
