Re: Future of krb5 authentication

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Heikki Linnakangas <heikki(at)enterprisedb(dot)com>, Dave Page <dpage(at)postgresql(dot)org>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Future of krb5 authentication
Date: 2007-07-18 15:04:09
Message-ID: 20070718150409.GL3787@svr2.hagander.net
Lists: pgsql-hackers

On Wed, Jul 18, 2007 at 10:46:58AM -0400, Tom Lane wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
> > But sure, we might leave it in there until there's a direct problem with it
> > (other than the ones we already know). Can I still get my deprecation of it
> > though? ;-)
>
> In the krb4 case, we left it in there until there was very little
> probability anyone was using it anymore, and AFAIR there was no
> significant maintenance burden from that. I don't see a reason to be
> harsher on the krb5 case.
>
> The real problem in my mind is this business of the gssapi and krb5
> support being mutually exclusive. That is going to cause tremendous
> pain because there won't be any convenient upgrade path. Particularly
> not for users of binary packages (RPMs etc) --- they'll be screwed
> if their packager changes, and have no way to upgrade if he doesn't.
> This needs to be fixed.

No, GSSAPI and krb5 are *not* mutually exclusive.

SSPI and GSSAPI are mutually exclusive.

You can use krb5 and GSSAPI or krb5 and SSPI just fine.

//Magnus
