| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | "Magnus Hagander" <mha(at)sollentuna(dot)net>, mark(at)mark(dot)mielke(dot)cc, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Andrew Sullivan" <ajs(at)crankycanuck(dot)ca> |
| Subject: | Re: Design Considerations for New Authentication Methods |
| Date: | 2006-11-04 20:03:12 |
| Message-ID: | 200611041203.12509.josh@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom, Josh, etc.:
> But if you're looking for a "big application" that uses Kerberos,
> there's that pesky thing called Windows. Every single Windows machine in
> an active directory domain environment is a Kerberos client, and uses
> Kerberos for authentication to all network services.
Kerberos with GSSAPI is also widely used for Solaris, so supporting it helps a
lot in getting a large proportion of Solaris users to adopt PostgreSQL.
> So Kerberos is definitly big. And more and more apps do support GSSAPI
> for authentication. Not that many apps support "raw kerberos" as pgsql
> does, probably because it does have some compatibility issues and such
> things.
Yes ... if we were looking to cut down on both code and dependency bugs, we
might consider desupporting "raw Kerberos". At this point, I think that
everyone who supports Kerberos supports GSSAPI, unless we're still committed
to supporting users of Red Hat 7.0 (Tom?).
--
Josh Berkus
PostgreSQL @ Sun
San Francisco
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2006-11-04 20:04:51 | buildfarm project changes |
| Previous Message | Tom Lane | 2006-11-04 19:04:26 | Re: CLUSTER micro-doc-patch |