Skip site navigation (1) Skip section navigation (2)

Re: JAVA Support

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
Cc: Josh Berkus <josh(at)agliodbs(dot)com>, "Henry B(dot) Hotz" <hotz(at)jpl(dot)nasa(dot)gov>, Kris Jurka <books(at)ejurka(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: JAVA Support
Date: 2006-09-29 04:35:43
Message-ID: 9859.1159504543@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
"Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
> Is there any reason why we haven't built a generic authentication API?
> Something like PAM, except cross platform?

We're database geeks, not security/crypto/authentication geeks.  What
makes you think we have any particular competence to do the above?

Actually, the part of this proposal that raised my hackles the most was
the claim that GSSAPI provides a generic auth API, because that was
exactly the bill of goods we were sold in connection with PAM.  (So why
is this our problem at all --- can't you make a PAM plugin for it??)
It didn't help any that that was shortly followed by the lame admission
that no one has ever implemented anything except Kerberos underneath it.
Word to the wise, guys: go *real* soft on vaporware claims for auth
stuff, because we've seen enough of those before.

			regards, tom lane

In response to

Responses

pgsql-hackers by date

Next:From: Joshua D. DrakeDate: 2006-09-29 05:17:02
Subject: Re: JAVA Support
Previous:From: Joshua D. DrakeDate: 2006-09-29 04:18:59
Subject: Re: JAVA Support

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group