Re: TODO: GNU TLS

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
Cc: Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>, pgsql-hackers(at)postgresql(dot)org, mark(at)mark(dot)mielke(dot)cc, Martijn van Oosterhout <kleptog(at)svana(dot)org>, Mark Kirkwood <markir(at)paradise(dot)net(dot)nz>
Subject: Re: TODO: GNU TLS
Date: 2006-12-30 00:43:53
Message-ID: 20061230004353.GI24675@kenobi.snowman.net
Lists: pgsql-hackers

* Joshua D. Drake (jd(at)commandprompt(dot)com) wrote:
> I do not like --enable-dtrace because it is a Solaris only thing and a
> waste of maintainability resources (although small).

While the analysis can only be done on Solaris I feel that improvements
from the analysis may be useful on other platforms. For that I don't
feel it's a waste of resources.

> I do not like --with-libedit-preferred because I think it should be
> --with-libedit and readline should be ripped out.

Not all that particular on this one as long as my psql works well. :) I
do like the improvements in 8.2 too.

> I do not like --with-krb5 because it has extremely limited real world
> use.

Riiigghhhttt... Only every Windows setup which uses Active Directory,
most major universities, and certain large corporations (uh, AOL?) would
even think to use something like Kerberos!

> I do not like --with-tcl because well... it is tcl

Haha.

> I do not like --with-pam but only because I have never gotten it to
> work.

We use it on some of our production systems (since it can provide
cracklib, password expiration, etc, and the postgres instance inside
its own vserver so it doesn't hurt as much to make the passwd/shadow
files available to it...). I'd be happy to help you get it to work if
you'd like, and I could even provide you with some PG/C functions to use
password changing and password aging. :)

> I do like --with-python because all other languages are inferior.

haha.

> I do like --with-ldap because it is pretty much standard within
> directory lookups by the nature of Active Directory.

Funny you like LDAP but not Kerberos, both of which are part of Active
Directory... Using LDAP simple binds to AD for authentication is
*quite* silly and *much* less secure than using Kerberos...

> I do not like "Green Eggs and Ham", said Sam I am.

hehe.

Thanks,

Stephen
