Re: [PATCH v20] GSSAPI encryption support

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Robbie Harwood <rharwood(at)redhat(dot)com>
Cc: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, David Steele <david(at)pgmasters(dot)net>, Joe Conway <mail(at)joeconway(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Michael Paquier <michael(at)paquier(dot)xyz>, Nico Williams <nico(at)cryptonector(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [PATCH v20] GSSAPI encryption support
Date: 2019-04-03 21:51:06
Message-ID: CAOuzzgoSOzse4iERd2zOy17ouJye955wNddsu4+0gf=8Rtn2nw@mail.gmail.com
Lists: pgsql-hackers

Greetings Robbie,

On Wed, Apr 3, 2019 at 17:47 Robbie Harwood <rharwood(at)redhat(dot)com> wrote:

> Stephen Frost <sfrost(at)snowman(dot)net> writes:
>
> > On Wed, Apr 3, 2019 at 16:01 Andres Freund <andres(at)anarazel(dot)de> wrote:
> >> On 2019-04-03 10:43:33 -0400, Stephen Frost wrote:
> >>
> >>> I'll push this in a few hours unless there's anything else.
> >>
> >> The CF entry for this is still open - is there any work missing? Just
> >> trying to do some triage...
> >>
> >> https://commitfest.postgresql.org/22/1647/
> >
> > No, I was just waiting to make sure the buildfarm was happy, which it
> > seems to be. I can take care of the entry in 30m or so, or if you’d
> > like to close it out, that would be fine too.
>
> Thanks for merging! I'll stick around the mailing list/IRC for a while
> on the off-chance that anything comes up, but the project should feel
> free to reach out to me directly with Kerberos-related issues in the
> future.

Thanks so much for pushing on it for so long, it’s a great feature to have!

I would love to see Kerberos/GSSAPI grow a way to find out what the
encryption used on the connection is, as we had discussed before... Do we
know if that encryption must match the encryption type of the tickets
acquired? Would it be possible to inspect the ticket in the same way that
klist does, to determine the encryption that must be used? And similarly
the key tab on the server side? Though of course there can be more than
one but maybe we can find out which was used?

Just some thoughts for future improvements here.

Thanks!

Stephen
