Skip site navigation (1) Skip section navigation (2)

Re: SSPI authentication - patch

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: pgsql-patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: SSPI authentication - patch
Date: 2007-07-20 16:47:35
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-patches
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> Stephen Frost wrote:
>> That's true, but if we used upper-case with something NEW (SSPI) while
>> keeping it the same for the OLD (KRB5, and I'd vote GSSAPI) then we're
>> not breaking backwards compatibility while also catering to the masses.
>> I guess I don't see too many people using SSPI w/ an MIT KDC, and it
>> wasn't possible previously anyway.
>> What do you think?

> Hmm. It makes the default a lot less clear, and opens up for confusion.
> So I'm not so sure I like it :-)

A non-backward-compatible behavior change is going to cause a lot of
confusion too.

If I have things straight (and I'm not sure I do) then we are treating
sspi as a different type of auth method.  It would be sane, or at least
explainable, to have a different default name for the different auth
method.  I think a platform-dependent default would seriously suck,
and changing the default behavior for existing configurations would
break things.  So Stephen's suggestion seemed plausible to me.

			regards, tom lane

In response to


pgsql-patches by date

Next:From: Patrick WelcheDate: 2007-07-20 17:32:39
Subject: Re: / xml / quoting trouble
Previous:From: Magnus HaganderDate: 2007-07-20 16:18:13
Subject: Re: SSPI authentication - patch

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group