| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Dimitry Markman <dmarkman(at)mathworks(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: How to ensure that SSPI support (Windows) enabled? |
| Date: | 2023-05-19 15:54:12 |
| Message-ID: | ZGebpJ70BqDoLL/P@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greetings,
Please don't top-post.
* Dimitry Markman (dmarkman(at)mathworks(dot)com) wrote:
> I was asking our 3p library people how to add windows support to gss and they said that on windows we should use SSPI
They're correct.
> I’m not really familiar with either gssapi or SSPI
Kerberos support is provided through SSPI on Windows. On Linux and Unix
systems in general, it's provided through GSSAPI. On the wire, the two
are (mostly) compatible.
> I see that macOS has builtin support for gssapi, so all I need is to use –with-gssapi
On most Unix-based systems (and certainly for MacOS), you should be
installing MIT Kerberos and using that for your GSSAPI library. The
GSSAPI library included with MacOS has not been properly maintained by
Apple and is woefully out of date and using it will absolutely cause you
undue headaches.
> On linux I use MIT Kerberos that we build in our 3p environment (only linux)
Yes, MIT Kerberos on Linux makes sense.
> When I ask to build MIT Kerberos on windows that’s when I was advised simply to use SSPI
That's correct, you should be using SSPI on Windows is the vast majority
of cases.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Verite | 2023-05-19 16:06:34 | Re: Should CSV parsing be stricter about mid-field quotes? |
| Previous Message | Aleksander Alekseev | 2023-05-19 15:49:11 | "38.10.10. Shared Memory and LWLocks" may require a clarification |