Re: [PATCH v18] GSSAPI encryption support

From: Nico Williams <nico(at)cryptonector(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Robbie Harwood <rharwood(at)redhat(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCH v18] GSSAPI encryption support
Date: 2018-08-06 18:26:55
Message-ID: 20180806182654.GU5695@localhost
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Mon, Aug 06, 2018 at 10:36:34AM -0400, Stephen Frost wrote:
> * Heikki Linnakangas (hlinnaka(at)iki(dot)fi) wrote:
> > Sorry if this sounds facetious, but:
> >
> > What is the point of this patch? What's the advantage of GSSAPI encryption
> > over SSL? I was hoping to find the answer by reading the documentation
> > changes, but all I can see is "how" to set it up, and nothing about "why".
> If you've already got an existing Kerberos environment, then it's a lot
> nicer to leverage that rather than having to also implement a full PKI
> to support and use SSL-based encryption.
> There's also something to be said for having alternatives to OpenSSL.

Those two reasons would be my motivation if I were implementing this,
and they are some of the reasons I did a code review.


In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Jeremy Evans 2018-08-06 18:32:05 Fix hints on CREATE PROCEDURE errors
Previous Message Andrey Borodin 2018-08-06 18:12:00 Re: GiST VACUUM