| From: | Raj kumar <rajkumar820999(at)gmail(dot)com> |
|---|---|
| To: | Pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | GSSAPI encryption support |
| Date: | 2020-05-18 11:49:06 |
| Message-ID: | CACxU--VTrpP9=J4w_dQb+PiucK=KQVKSg13tOxLJFavr8X67kA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Hi Team,
Postgres 12 added "GSSAPI encryption support" as an additional feature to
"GSSAPI Authentication" mechanism introduced in Postgres 11. I have few
questions based on it.
1) The encryption support means that the encryption between the Client and
the Server over the network, which was previously possible only through SSL
or previously, not encrypted at all. Now, instead of SSL, we can change
pg_hba.conf with the parameters "hostgssenc" and hostnogssenc" to support
encryption over the network directly using gssapi.
2) We need to have a client server, a service server and a Key Distribution
Center Server which should have Kerberose installed in it. Kerberose is
available as opensource.
Please help me if my understanding is correct and let me know about the
major improvement on this feature with PG12. I have referred Documentation
and some blogs. But, couldn't get the right picture. Your reply is
appreciable.
Thanks and Regards,
Raj Kumar.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2020-05-18 15:40:22 | Re: GSSAPI encryption support |
| Previous Message | Laurenz Albe | 2020-05-18 06:22:32 | Re: PGBOUNCER FAILOVER AND HIGH AVAILABILITY |