Re: [pgadmin-hackers] Client-side password encryption

> There's also Kerberos, which I'm happy to say seems to be
> getting more and more use. I'd really like to get ODBC
> Kerberos working, at least with MIT kerberos and then maybe
> someday (if I can manage to get it
> working...) setup some cross-realm stuff with the Windows AD and SSPI
> (iirc) things and have ODBC use that to authenticate against
> my Linux-based PostgreSQL server.

ODBC and Kerberos works just fine, if you use the 8.1 ODBC driver. I use
it all the time :)
Haven't tried any cross-realm work, though, but I use it to authenticate
Windows users in AD to a postgresql server running on Linux.
(It's not SSPI, btw, it's plain Kerberos)

(it works with libpq and OLEDB in 8.0.2 (I think, it could be .3), but
it's much better in 8.1)

> I guess to do that we'd have to make libpq under Windows have
> the option of using the Windows SSPI layer. Anyone looked
> into this at all?
> Anyone know if it'd have a chance of getting accepted?

That is another thing alltogether, which would allow us to work with NT4
domains (not really interesting, IMHO) and local windows accounts (which
might be interesting).

In general, I'm not sure it's worth it considering we can do AD with
Kerberos. It might be interesting to be able to use windows accounts and
passwords to do authentication that's *not* integrated (meaning we take
the password from the user and just use the windows SAM instead of a
passwd file). That's a completely different thing, though.

//Magnus