| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Deprecations in authentication |
| Date: | 2012-10-19 00:21:00 |
| Message-ID: | 1350606060.17407.4.camel@vanquo.pezone.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, 2012-10-18 at 13:20 +0200, Magnus Hagander wrote:
> In particular, we made a couple of changes over sveral releases back
> in the authentication config, that we should perhaps consider
> finishing by removing the old stuff now?
>
> 1. krb5 authentication. We've had gssapi since 8.3 (which means in all
> supported versions). krb5 has been deprecated, also since 8.3. Time to
> remove it?
>
> 2. ident-over-unix-sockets was renamed to "peer" in 9.1, with the old
> syntax deprecated but still mapping to the new one. Has it been there
> long enough that we should start throwing an error for ident on unix?
>
The hba syntax changes between 8.3 and 8.4 continue to annoy me to this
day, so I'd like to avoid these in the future, especially if they are
for mostly cosmetic reasons. I think any change should be backward
compatible to all supported versions, or alternatively to 8.4, since
that's incompatible with 8.3 anyway. (Those two will be the same before
9.3 goes out.)
So, in my opinion, krb5 could be removed, assuming that gssapi is a full
substitute. But ident-over-unix-sockets should stay, at least until 9.0
is EOL.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2012-10-19 00:23:16 | Re: Deprecations in authentication |
| Previous Message | Claudio Freire | 2012-10-18 22:42:55 | Re: [PATCH] Prefetch index pages for B-Tree index scans |