| From: | "Peter Koczan" <pjkoczan(at)gmail(dot)com> |
|---|---|
| To: | "Henry B(dot) Hotz" <hotz(at)jpl(dot)nasa(dot)gov> |
| Cc: | "Kris Jurka" <books(at)ejurka(dot)com>, pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: JDBC and GSSAPI/Krb5 |
| Date: | 2007-12-06 19:47:36 |
| Message-ID: | 4544e0330712061147g1f7be06dn9e86a2c80f68ed35@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
On Dec 6, 2007 1:10 PM, Henry B. Hotz <hotz(at)jpl(dot)nasa(dot)gov> wrote:
> Thank you. I'm looking at it.
>
> I think the changes *should* be localized to v3/
> ConnectionFactoryImpl.java. I need to see how Magnus changed the
> wire protocol (he did it differently from what I did), and I need to
> try a sample program first so I can debug wire/API issues
> independently from PG issues.
>
> I will not even attempt to address the SSPI auth mechanism since I
> don't understand fully why it exists. SSPI is supposed to just be an
> alternate C binding for the GSSAPI wire protocol, but there are other
> issues that confound that statement. I believe that Java should
> stick to the standard, at least initially.
According to this, SSPI is a Windows-only thing (for both clients and
servers). Apparently each can authenticate against a "gss" entry in
pg_hba.conf.
I don't know what implications that has for support in the JDBC
driver. I'll let you figure that out :-).
Peter
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Koczan | 2007-12-06 19:50:06 | Re: JDBC and GSSAPI/Krb5 |
| Previous Message | Henry B. Hotz | 2007-12-06 19:10:25 | Re: JDBC and GSSAPI/Krb5 |