From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
---|---|
To: | Garrett Wollman <wollman(at)khavrinen(dot)lcs(dot)mit(dot)edu> |
Cc: | pgsql-patches(at)postgresql(dot)org |
Subject: | Re: Kerberos v5 support |
Date: | 2000-11-06 18:43:24 |
Message-ID: | Pine.LNX.4.21.0011061936080.776-100000@peter.localdomain |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-patches |
Garrett Wollman writes:
> Enclosed please find a set of patches, relative to 7.0.2, which will
> result in Kerberos v5 support which both compiles and works (as in,
> I've successfully authenticated as a remote client).
The 7.0 series is not so interesting at this point but you might have a
few days yet to get stuff into 7.1. :) (Especially stuff that's #ifdef
KRB5 ought to be safe.)
'configure' support for Kerberos (and OpenSSL) has been implemented
meanwhile.
> local all trust
> host all 0.0.0.0 0.0.0.0 krb5
>
> However, that `trust' is tempered by changes to the startup scripts
> (not included here) which force the local-domain socket to mode 600,
We also got that in 7.1-to-be, even without race conditions. :)
> You can see from some of the comments that I'd like this to be made
> stronger in a number of ways. This patch set simply gets pgsql up to
> the minimum acceptable level of security for our environment and
> application.
Well, not a lot of people really know and use the Kerberos support, so
anything that can be done to improve it should be okay. Some better
documentation would also be appreciated. :)
--
Peter Eisentraut peter_e(at)gmx(dot)net http://yi.org/peter-e/
From | Date | Subject | |
---|---|---|---|
Next Message | Pete Forman | 2000-11-07 14:08:25 | Regression tests - geometry results for AIX/RS6000 |
Previous Message | Bruce Momjian | 2000-11-06 18:25:16 | Re: Kerberos v5 support |