| From: | Tomas Pospisek <tpo2(at)sourcepole(dot)ch> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | pgsql-docs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Make SSPI documentation clearer |
| Date: | 2023-10-14 14:58:46 |
| Message-ID: | d2b32aa1-72d7-42aa-81c0-651aa23d72c3@sourcepole.ch |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs |
On 10.10.23 22:51, Bruce Momjian wrote:
> On Thu, Sep 28, 2023 at 09:55:43AM -0400, Bruce Momjian wrote:
>> On Wed, Sep 27, 2023 at 07:09:02PM -0400, Bruce Momjian wrote:
>>> On Sun, Mar 12, 2023 at 08:36:53PM -0400, Stephen Frost wrote:
>>>>> When the server is on a non-Windows platform then the server must use GSSAPI
>>>>> if it wants to authenticate the client either via Kerberos or via Active
>>>>> Directory. A client on a Windows platform that connects to a non-Windows
>>>>> Postgresql server can either use SSPI (strongly encouraged) or GSS (much
>>>>> more difficult to set up) if it wants to authenticate via Kerberos or Active
>>>>> Directory. A client from a non-Windows platform must use GSS if it wants to
>>>>> authenticate via Kerberos or Active Directory."
>>>>
>>>> Rather than work in negative, I feel like it might make more sense to
>>>> work in positives? That is, perhaps this instead:
>>>>
>>>> On Windows platforms, SSPI is the default and most commonly used
>>>> mechanism. Note that an SSPI client can authenticate to a server which
>>>> is using either SSPI or GSSAPI, and a GSSAPI client can authenticate to
>>>> a server which is using either SSPI or GSSAPI. Generally speaking,
>>>> clients and servers on Windows are recommended to use SSPI while clients
>>>> and servers on Unix (non-Windows) platforms use GSSAPI.
>>>
>>> I developed the attached patch.
>>
>> My first attempt was too terse, so here is a more detailed version,
>> attached.
>
> Patch applied back to PG 11.
Nice! Thanks a lot Bruce! And:
Stephen wrote:
>
>> Tomas wrote:
>>
>> - anybody here that has the guts, time and willingness to take the
>> supposed improvement and apply put it into the git repo?
>
> This isn't helpful and frankly is detrimental to getting this change
> included. We strive strongly to have a positive tone and focus on
> technical excellence.
Thanks a lot Stephen for this comment! I hope it will cause a more
important change on my side than my minuscule effort to improve the
docu. And sorry I didn't follow up - life piled up and I never came back
to this.
Many thanks Stephen, really, very appreciated and thanks Bruce for
picking up the ball!!!
*t
| From | Date | Subject | |
|---|---|---|---|
| Next Message | PG Doc comments form | 2023-10-16 01:58:46 | SP-GiST confusing introductory paragraph |
| Previous Message | Tom Lane | 2023-10-13 20:37:53 | Re: Clarify: default precision on timestamps is 6 |