From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, "Henry B(dot) Hotz" <hotz(at)jpl(dot)nasa(dot)gov>, Kris Jurka <books(at)ejurka(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: JAVA Support |
Date: | 2006-09-29 04:35:43 |
Message-ID: | 9859.1159504543@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
"Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
> Is there any reason why we haven't built a generic authentication API?
> Something like PAM, except cross platform?
We're database geeks, not security/crypto/authentication geeks. What
makes you think we have any particular competence to do the above?
Actually, the part of this proposal that raised my hackles the most was
the claim that GSSAPI provides a generic auth API, because that was
exactly the bill of goods we were sold in connection with PAM. (So why
is this our problem at all --- can't you make a PAM plugin for it??)
It didn't help any that that was shortly followed by the lame admission
that no one has ever implemented anything except Kerberos underneath it.
Word to the wise, guys: go *real* soft on vaporware claims for auth
stuff, because we've seen enough of those before.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Joshua D. Drake | 2006-09-29 05:17:02 | Re: JAVA Support |
Previous Message | Joshua D. Drake | 2006-09-29 04:18:59 | Re: JAVA Support |