From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, pgsql-hackers(at)postgresql(dot)org, mark(at)mark(dot)mielke(dot)cc, Martijn van Oosterhout <kleptog(at)svana(dot)org>, Mark Kirkwood <markir(at)paradise(dot)net(dot)nz> |
Subject: | Re: TODO: GNU TLS |
Date: | 2006-12-30 00:58:33 |
Message-ID: | 1167440313.20777.26.camel@localhost.localdomain |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> > I do not like --with-krb5 because it has extremely limited real world
> > use.
>
> Riiigghhhttt... Only every Windows setup which uses Active Directory,
> most major universities, and certain large corporations (uh, AOL?) would
> even think to use something like Kerberos!
I said "Extremely Limited" real world use. Between just two of my
customers, in the next 2 years we (CMD) will have 12 thousand postgresql
installations. Not one of them will use Kerberos.
>
> > I do not like --with-pam but only because I have never gotten it to
> > work.
>
> We use it on some of our production systems (since it can provide
> cracklib, password expiration, etc, and the postgres instance inside
> it's own vserver so it doesn't hurt as much to make the passwd/shadow
> files available to it...). I'd be happy to help you get it to work if
> you'd like, and I could even provide you with some PG/C functions to use
> password changing and password aging. :)
Oh, I am sure it is great. I have just never tried that hard to get it
to work :)
> > I do like --with-ldap because it is pretty much standard within
> > directory lookups by the nature of Active Directory.
>
> Funny you like LDAP but not Kerberos, both of which are part of Active
> Directory... Using LDAP simple binds to AD for authentication is
> *quite* silly and *much* less secure than using Kerberos...
Yes but LDAP gives me a lot of other things, easily and it has SSL. SSL
+ Firewall gives me 98% of the security I need.
Sincerely,
Joshua D. Drake
--
=== The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive PostgreSQL solutions since 1997
http://www.commandprompt.com/
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
From | Date | Subject | |
---|---|---|---|
Next Message | Theo Schlossnagle | 2006-12-30 01:01:01 | Re: TODO: GNU TLS |
Previous Message | Stephen Frost | 2006-12-30 00:43:53 | Re: TODO: GNU TLS |