| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Henry B(dot) Hotz" <hbhotz(at)oxy(dot)edu>, Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: Preliminary GSSAPI Patches |
| Date: | 2007-10-10 17:53:17 |
| Message-ID: | 470D118D.50300@hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Tom Lane wrote:
> "Henry B. Hotz" <hbhotz(at)oxy(dot)edu> writes:
>> You know, I don't know what I was thinking when I sent this. My
>> apologies for the late correction.
>>
>> Anyone who has a copy of the "host" keys for a machine can
>> manufacture kerberos tickets for the "host" service on that machine
>> masquerading as absolutely anyone (including people who don't
>> exist). Same for the "postgres" keys, and if the postgres server can
>> steal the host keys (or vice versa) then it's even worse.
>> [snip...]
>
> Maybe I'm too dense, but I don't see a conclusion here. Do we need to
> change our code, our docs, both, or neither?
I don't think we do. If you use service keys per our documentation, you
should be fine. And if someone owns your host keys, you lost already.
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sergey V. Karpov | 2007-10-10 18:24:55 | Re: Preliminary patch for tsearch example dictionaries/parsers in contrib |
| Previous Message | Tom Lane | 2007-10-10 17:06:32 | Re: Preliminary GSSAPI Patches |