From: | "Magnus Hagander" <mha(at)sollentuna(dot)net> |
---|---|
To: | "Henry B(dot) Hotz" <hotz(at)jpl(dot)nasa(dot)gov>, "Stephen Frost" <sfrost(at)snowman(dot)net> |
Cc: | <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Design Considerations for New Authentication Methods |
Date: | 2006-11-02 09:18:35 |
Message-ID: | 6BCB9D8A16AC4241919521715F4D8BCEA35892@algol.sollentuna.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> > * Henry B. Hotz (hotz(at)jpl(dot)nasa(dot)gov) wrote:
> >> I've been looking at adding SASL or GSSAPI as an auth
> method. I have
> >> some questions about how to handle the flow of control changes.
> >
> > Great! I'd love to see that implemented, personally, so if you're
> > looking for help, please let me know.
>
> Thank you. I will! ;-)
>
> Do you know Java? I'm doing this ultimately because I want
> the JDBC driver to support encrypted connections with
> Kerberos and without needing SSL. As an added plus a
> Windows-native client should support it.
Interesting, I thought you were going for the authentication only.
What's the real gain in doing Kerberos encryption over SSL encryption?
Doesn't Java come with SSL support anyway these days?
> My main hesitation between SASL and GSSAPI is that the
> Windows equivalent APIs for SASL have not received the same
> degree of interoperability testing as SSPI<-->GSSAPI. I
> don't have a published example to crib from. For general
> information the relevant calls are at the bottom of
> <http://msdn.microsoft.com/library/default.asp?url=/
> library/en-us/secauthn/security/authentication_functions.asp>.
One reason for this could be that they appear to be available only on
server platforms, and not on cilents, if you look at the documentation.
That said, I have the DLL file and the export functions on my XP
machine, so it's definitly present there - I'm unsure if it *works* or
is supported. My registry does indicate that I have the GSSAPI profile
for SASL, which would be an indication that it should.
//Magnus
From | Date | Subject | |
---|---|---|---|
Next Message | tomas | 2006-11-02 10:00:15 | Re: [HACKERS] Index greater than 8k |
Previous Message | Simon Riggs | 2006-11-02 08:45:39 | Re: Writing WAL for relcache invalidation:pg_internal.init |