| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Todd M(dot) Kover" <kovert(at)omniscient(dot)com>, Nico Williams <nico(at)cryptonector(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: pg16 && GSSAPI && Heimdal/Macos |
| Date: | 2025-05-28 16:25:08 |
| Message-ID: | CAOYmi+mTpY0=rdof0OnSfZKwHtn3Ct+aW9RXvHSrYFqp4r4kQQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, May 28, 2025 at 8:53 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Even granting that we're okay with letting people build against
> Heimdal, I'm not clear on the path forward. Your patch proposes
> to effectively disable gss_accept_delegation, which isn't real
> palatable (and would require docs and test fixes that aren't there).
> Nico seemed to think that there is a way to perform delegation
> without using gss_store_cred_into; if we could avoid that loss of
> functionality, it'd go a long way towards making the idea more
> acceptable. I also wonder about whether we ought to try to use
> GSS.framework on Mac.
Personally, I'd be more happy to "maintain GSS on Mac using
non-deprecated interfaces" than "maintain GSS via Heimdal,
best-effort, some of the time". I think the former puts less of a
burden on our testing matrix.
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2025-05-28 16:34:22 | Re: PG 18 release notes draft committed |
| Previous Message | Tom Lane | 2025-05-28 15:53:09 | Re: pg16 && GSSAPI && Heimdal/Macos |