Re: [PATCH v4] GSSAPI encryption support

From: Robbie Harwood <rharwood(at)redhat(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCH v4] GSSAPI encryption support
Date: 2016-02-10 21:06:59
Views: Raw Message | Whole Thread | Download mbox
Lists: pgsql-hackers

Hello friends,

For your consideration, here is a new version of GSSAPI encryption
support. For those who prefer, it's also available on my github:

Some thoughts:

- The overall design is different this time - GSS encryption sits in
parallel construction to SSL encryption rather than at the protocol
level - so a strict diff probably isn't useful.

- The GSSAPI authentication code has been moved without modification.
In doing so, the temptation to modify it (flags, error checking, that
big comment at the top about things from Athena, etc.) is very large.
I do not know whether these changes are best suited to another patch
in this series or should be reviewed separately. I am also hesitant
to add things beyond the core before I am told this is the right

- There's no fallback here. I wrote fallback support for versions 1-3,
and the same design could apply here without too much trouble, but I
am hesitant to port it over before the encryption design is approved.
I strongly suspect you will not want to merge this without fallback
support, and that makes sense to me.

- The client and server code look a lot like each other. This
resemblance is not exact, and my understanding is that server and
client need to compile independently, so I do not know of a way to
rectify this. Suggestions are welcome.


Attachment Content-Type Size
v4-GSSAPI-encryption-support.patch text/x-diff 56.1 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2016-02-10 21:07:39 Re: Moving responsibility for logging "database system is shut down"
Previous Message Oleg Bartunov 2016-02-10 20:59:29 Re: old bug in full text parser