| From: | Aleksander Alekseev <aleksander(at)tigerdata(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Cc: | Thomas Munro <thomas(dot)munro(at)gmail(dot)com> |
| Subject: | Re: Time to drop RADIUS support? |
| Date: | 2026-01-26 13:06:35 |
| Message-ID: | CAJ7c6TNS5TrAvEo343LDqWZ48J_yhSKOZ0ez0V-_feJmwFeeMw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
> 3. That mitigation would help, but in the end it's still leaky
> obfuscation of credentials + MD5-based technology that is being
> formally deprecated with a mandated replacement[2], and de facto has
> been for a long time.
>
> The real recommendation of the paper was "don't use RADIUS/UDP at
> all", and I don't want to expend energy writing a RADIUS/TLS client
> for a hypothetical user, so I think we should just delete it all, and
> stick a deprecation notice in the release branch documentation, as
> attached. That'd also mean our Windows select() and non-thread-safe
> UDP kludges can be VACUUMed.
All things considered, it sounds perfectly reasonable. +1.
--
Best regards,
Aleksander Alekseev
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Anthonin Bonnefoy | 2026-01-26 13:16:45 | Re: Auto-tune shared_buffers to use available huge pages |
| Previous Message | Heikki Linnakangas | 2026-01-26 12:33:02 | Re: Is abort() still needed in WalSndShutdown()? |