From: | Tim Watts <tim(dot)j(dot)watts(at)kcl(dot)ac(dot)uk> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
Subject: | Re: Postgresql 8.4 GSSAPI auth with fallback to password prompting? |
Date: | 2013-03-25 15:30:05 |
Message-ID: | 51506D7D.5090105@kcl.ac.uk |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
On 25/03/13 15:17, Stephen Frost wrote:
> Tim,
>
> * Tim Watts (tim(dot)j(dot)watts(at)kcl(dot)ac(dot)uk) wrote:
>> I presume the protocol does not allow the server to send a succession of
>> "Type: Authentication request" packets with different Authentication
>> types until it deems that one is acceptable?
>
> Even if it did, existing clients would very likely be confused by it..
>
> To be honest, I don't have a solution in mind for how to make this
> happen, I was really just pointing out that there's a difference between
> "we won't do that because we don't trust the sysadmin" and "that's not
> an option due to how the system works today".
No no - fully understood :)
I appreciate the candid and reasoned arguments :)
I wish I could help - but I more of a sysamdin and less of a developer.
But it is *very* helpful to know that something *is not possible* and
*is likely to not be possible for a long time, if ever*. That allows me
as a humble user of the software to plan deployment :)
> Perhaps one option would
> be to look at the Negotiate protocol which mod_auth_kerb and friends use
> and perhaps have that as an explicitly new auth mechanism. A server set
> up to provide that would, of course, have to consider if its users
> supported it or not but that's true already- you can have situation
> already though, a given client might not support gssapi, for example.
A "negotiate" option would be very cool. I will expect nothing (on the
basis it's free software, I have no rights ;-> ).
Save to say I think Postgresql is very cool already and has been for the
last 12 years I've been using it...
All the best,
Tim
--
Tim Watts Tel (VOIP): +44 (0)1580 848360
Systems Manager Digital Humanities, King's College London
Systems Messages and Notifications: https://systemsblog.cch.kcl.ac.uk/
Personal Blog: http://squiddy.blog.dionic.net/
"She got her looks from her father. He's a plastic surgeon."
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2013-03-25 15:44:47 | Re: Postgresql 8.4 GSSAPI auth with fallback to password prompting? |
Previous Message | Stephen Frost | 2013-03-25 15:17:52 | Re: Postgresql 8.4 GSSAPI auth with fallback to password prompting? |