|From:||Robbie Harwood <rharwood(at)redhat(dot)com>|
|Subject:||Re: [PATCH v4] GSSAPI encryption support|
|Views:||Raw Message | Whole Thread | Download mbox|
For your consideration, here is a new version of GSSAPI encryption
support. For those who prefer, it's also available on my github:
- The overall design is different this time - GSS encryption sits in
parallel construction to SSL encryption rather than at the protocol
level - so a strict diff probably isn't useful.
- The GSSAPI authentication code has been moved without modification.
In doing so, the temptation to modify it (flags, error checking, that
big comment at the top about things from Athena, etc.) is very large.
I do not know whether these changes are best suited to another patch
in this series or should be reviewed separately. I am also hesitant
to add things beyond the core before I am told this is the right
- There's no fallback here. I wrote fallback support for versions 1-3,
and the same design could apply here without too much trouble, but I
am hesitant to port it over before the encryption design is approved.
I strongly suspect you will not want to merge this without fallback
support, and that makes sense to me.
- The client and server code look a lot like each other. This
resemblance is not exact, and my understanding is that server and
client need to compile independently, so I do not know of a way to
rectify this. Suggestions are welcome.
|Next Message||Robert Haas||2016-02-10 21:07:39||Re: Moving responsibility for logging "database system is shut down"|
|Previous Message||Oleg Bartunov||2016-02-10 20:59:29||Re: old bug in full text parser|