Re: Future of krb5 authentication

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Heikki Linnakangas <heikki(at)enterprisedb(dot)com>, Dave Page <dpage(at)postgresql(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Future of krb5 authentication
Date: 2007-07-18 17:26:26
Message-ID: 469E4D42.1040204@hagander.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Stephen Frost wrote:
> * Magnus Hagander (magnus(at)hagander(dot)net) wrote:
>> The maintenance part of me suggesting getting rid of krb5 is the
>> smallest one. It being a non-standard protocol is more important, and
>> the fact that the exchange breaks the libpq protocol and is not
>> protected by SSL is the big reason.
>
> Erm, it doesn't need to be protected by SSL? Breaking the libpq
> protocol does kind of suck. I assume you're not requiring SSL for the
> GSSAPI stuff...

No, no requirement. But you would certainly expect it to use it if you
have SSL on the connection.

//Magnus

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Magnus Hagander 2007-07-18 17:27:11 Re: Future of krb5 authentication
Previous Message plabrh1 2007-07-18 17:25:26 Re: SSPI authentication