Re: Future of krb5 authentication

Stephen Frost wrote:
> * Magnus Hagander (magnus(at)hagander(dot)net) wrote:
>> Stephen Frost wrote:
>>> * Magnus Hagander (magnus(at)hagander(dot)net) wrote:
>>>> Certainly not "just minor adjustments", since we need to do dynamic
>>>> loading and checking for the functions. That's the big one, which will
>>> If we're supporting krb5 anyway, and shipping the bits that go along
>>> with that, do we need to do dynamic loading and function checking?
>> Eh, good point. I got confused, it seems :-) Scratch that, then - we're
>> back to finding a good way to specify it.
>
> Honestly, for now I'm happy w/ it being a connectionstring option. It
> seems the most appropriate place for it to go. That does mean that
> applications may need to be modified to support gssapi (where they might
> not have to be for sspi since it's the default), but since we're going
> to keep krb5 support around for a bit there's time for those
> applications to catch up without breaking things explicitly for people
> migrating to 8.3.

Well, since you're the only one who've asked for the feature, I guess
that's good enough for me unless someone else complains. If you have a
good suggestion for a name for it, let me know, otherwise I'll just cook
something up.

BTW, I have working SSPI server code running on Windows now as well,
giving the full Active Directory integration in the windows postgresql.
It's far from perfect yet, needs a bunch of cleanup, but it works. (This
is SSPI, of course)

//Magnus