From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | PGSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | SSPI authentication |
Date: | 2007-07-16 17:50:09 |
Message-ID: | 469BAFD1.2010900@hagander.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
A quick status update on the SSPI authentication part of the GSSAPI project.
I have libpq SSPI working now, with a few hardcoded things still in
there to be fixed. But it means that I can connect to a linux server
using kerberos/GSSAPI *without* the need to set up MIR Kerberos
libraries and settings on the client. This is great :-) The code is
fairly trivial.
I've set it up as a different way of doing GSSAPI authentication. This
means that if you can't have both SSPI and MIT KRB GSSAPI in the same
installation. I don't see a problem with this - 99.9% of windows users
will just want the SSPI version anyway. But I figured I'd throw it out
here to see if there are any objections to this?
I'd like to make this enabled by default on Win32, since all supported
windows platforms have support for it. Then we can add a configure
option to turn it *off* if we want to. Comments? Do we even need such an
option?
Right now, the SSPI path is hardcoded to just support Kerberos. Once we
have both client and server with SSPI support I see no reason to keep
this restriction. Anybody against that? (Not saying that'll happen for
8.3, because it certainly needs a bunch of extra testing, but eventually)
//Magnus
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2007-07-16 18:12:49 | Re: SSPI authentication |
Previous Message | Zdenek Kotala | 2007-07-16 17:20:30 | Re: compiler warnings on the buildfarm |