Re: CVS-tip; SSLmode & Kerberos

On 14/4/06 01:42, "Hiroshi Inoue" <inoue(at)tpf(dot)co(dot)jp> wrote:

> Dave Page wrote:
>> Hi,
>>
>> I've just had some testing done by Magnus Hagander who uses psqlODBC in
>> a kerberos environment and a couple of minor issues came to light:
>>
>> - Kerberos authentication (and therefore other features of libpq like
>> pgpass) can only be used if sslmode != d. This is because the original
>> CC_connect code is used instead of libpq in this case. Is there any
>> reason to not use libpq all the time regardless of sslmode (if it's
>> available of course)?
>
> Because I don't want to use libpq if it's possible.
> The current implementation doesn't need libpq at all except
> when you need SSL, kerberos or ipv6 etc connection/authentication.
> I don't know what libraries the libpq would need in the future
> but it's quite unpleasant for me if the psqlodbc driver can't
> be loaded with tha lack of needeless librairies.
> In addtion using the native connection has the following 2 points
> at least.
> 1. The driver sets some session default parameters(DateStyle,
> client_encoding etc) using start-up message.
> 2. You can try V2 protocol implementation when the V3 implementation
> has some bugs or performance issues.
> (personally It's hard for me to test v2 protocol implementation
> without using the functionality because I don't have pre 7.4
> server personally.)

I'm not suggesting we force the use of libpq, just that the choice of
sslmode does not affect whether or not Kerberos etc. will work. That's
extremely unintuitive given that the two are completely unrelated to the end
user.

One way of course would be to provide a separate option to allow you to
disable libpq, but I don't know if that is the only/best way.

Regards, Dave