Skip site navigation (1) Skip section navigation (2)

Re: JAVA Support

From: "Henry B(dot) Hotz" <hotz(at)jpl(dot)nasa(dot)gov>
To: "Josh Berkus" <josh(at)agliodbs(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Magnus Hagander" <mha(at)sollentuna(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: JAVA Support
Date: 2006-09-28 23:05:59
Message-ID: 364730D3-8A56-40CD-9043-D24A1FB79AED@jpl.nasa.gov (view raw or flat)
Thread:
Lists: pgsql-hackers
On Sep 28, 2006, at 3:03 PM, Josh Berkus wrote:

> Tom,
>
>> It would depend in part on the size of the patch, and on whether
>> there
>> are any arguments for supporting GSSAPI besides "Java can't do
>> Kerberos".
>> What would it buy for a libpq user?
>
> According to the Solaris Security engineers, GSSAPI is more secure  
> than
> using the Kerberos headers.  Also, in theory GSSAPI is supposed to
> support multiple authentication back-ends (ldap, liberty, etc.), but I
> personally have never seen support for anything but Kerberos.

I think that GSSAPI is more tolerant of connections through NAT's.  I  
think it's more robust to current network reality, but I'm not aware  
it's actually more secure if you're using comparable verification  
options.

As noted elsewhere on this thread it's more available.

------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry(dot)B(dot)Hotz(at)jpl(dot)nasa(dot)gov, or hbhotz(at)oxy(dot)edu



In response to

pgsql-hackers by date

Next:From: Jim C. NasbyDate: 2006-09-28 23:32:11
Subject: Re: New version of money type
Previous:From: Henry B. HotzDate: 2006-09-28 23:01:41
Subject: Re: JAVA Support

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group