| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Heikki Linnakangas <heikki(at)enterprisedb(dot)com>, Dave Page <dpage(at)postgresql(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Future of krb5 authentication |
| Date: | 2007-07-18 16:51:55 |
| Message-ID: | 469E452B.5020306@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Stephen Frost wrote:
> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>>> On Wed, Jul 18, 2007 at 10:46:58AM -0400, Tom Lane wrote:
>>>> This needs to be fixed.
>>> Non, GSSAPI and krb5 are *not* mutually exclusive.
>>> SSPI and GSSAPI are mutually exclusive.
>> Color me confused then. What's the difference?
>
> GSSAPI is the MIT libraries, SSPI is the Windows library, but there's no
> way to indicate to libpq which to use and they share some of the same
> code paths with minor adjustments for each done at compile-time (aiui
> anyway, Magnus can provide a clearer answer on this).
>
Certainly not "just minor adjustments", since we need to do dynamic
loading and checking for the functions. That's the big one, which will
certainly increase the required code a lot. The part about letting the
client specify how is probably fairly easy, if we can figure out a good
one. (I personally think we've clearly shown that using the
connectionstring is not a good enough way to do it)
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2007-07-18 17:04:57 | Re: Future of krb5 authentication |
| Previous Message | Magnus Hagander | 2007-07-18 16:49:32 | Re: Future of krb5 authentication |