This is great. I've worked on 2 projects in the last year that desperately
needed this. It will certainly make the security model more seamless...
-Paul
Magnus Hagander-2 wrote:
>
> A quick status update on the SSPI authentication part of the GSSAPI
> project.
>
> I have libpq SSPI working now, with a few hardcoded things still in
> there to be fixed. But it means that I can connect to a linux server
> using kerberos/GSSAPI *without* the need to set up MIR Kerberos
> libraries and settings on the client. This is great :-) The code is
> fairly trivial.
>
> I've set it up as a different way of doing GSSAPI authentication. This
> means that if you can't have both SSPI and MIT KRB GSSAPI in the same
> installation. I don't see a problem with this - 99.9% of windows users
> will just want the SSPI version anyway. But I figured I'd throw it out
> here to see if there are any objections to this?
>
> I'd like to make this enabled by default on Win32, since all supported
> windows platforms have support for it. Then we can add a configure
> option to turn it *off* if we want to. Comments? Do we even need such an
> option?
>
> Right now, the SSPI path is hardcoded to just support Kerberos. Once we
> have both client and server with SSPI support I see no reason to keep
> this restriction. Anybody against that? (Not saying that'll happen for
> 8.3, because it certainly needs a bunch of extra testing, but eventually)
>
>
> //Magnus
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: explain analyze is your friend
>
>
--
View this message in context: http://www.nabble.com/SSPI-authentication-tf4090227.html#a11654750
Sent from the PostgreSQL - hackers mailing list archive at Nabble.com.
