Re: Deprecations in authentication - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Deprecations in authentication
Date
Msg-id 1350606060.17407.4.camel@vanquo.pezone.net
In response to Deprecations in authentication  (Magnus Hagander <magnus@hagander.net>)
List pgsql-hackers
On Thu, 2012-10-18 at 13:20 +0200, Magnus Hagander wrote:
> In particular, we made a couple of changes over several releases back
> in the authentication config, that we should perhaps consider
> finishing by removing the old stuff now?
> 
> 1. krb5 authentication. We've had gssapi since 8.3 (which means in all
> supported versions). krb5 has been deprecated, also since 8.3. Time to
> remove it?
> 
> 2. ident-over-unix-sockets was renamed to "peer" in 9.1, with the old
> syntax deprecated but still mapping to the new one. Has it been there
> long enough that we should start throwing an error for ident on unix?
> 
The hba syntax changes between 8.3 and 8.4 continue to annoy me to this
day, so I'd like to avoid these in the future, especially if they are
for mostly cosmetic reasons.  I think any change should be backward
compatible to all supported versions, or alternatively to 8.4, since
that's incompatible with 8.3 anyway.  (Those two will be the same before
9.3 goes out.)

So, in my opinion, krb5 could be removed, assuming that gssapi is a full
substitute.  But ident-over-unix-sockets should stay, at least until 9.0
is EOL.
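
An added example, not part of the original message or of PostgreSQL itself: a small audit that reports pg_hba.conf records still using the two deprecated forms discussed in this thread (`krb5`, and `ident` on `local` lines). The sample file is constructed, the function names are hypothetical, and comment stripping is simplified (a `#` inside a quoted value is not handled).

```python
import ipaddress

# Constructed sample pg_hba.conf, not taken from the thread.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  ident
local   all       postgres             peer
host    all       all   10.0.0.0/8     krb5
host    all       all   10.1.2.3 255.255.255.255 ident   # TCP ident, not affected
hostssl all       all   0.0.0.0/0      gss include_realm=0
"""

RECORD_TYPES = ("local", "host", "hostssl", "hostnossl")


def _is_ip(token):
    """True if token is a bare IP address (no CIDR suffix)."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def auth_method(fields):
    """Return the auth-method field of one tokenized pg_hba.conf record."""
    if fields[0] == "local":
        return fields[3] if len(fields) > 3 else None
    # host records: ADDRESS is one field (CIDR, hostname, keyword)
    # or two fields ("IP-address IP-mask").
    two_field = len(fields) > 5 and _is_ip(fields[3]) and _is_ip(fields[4])
    idx = 5 if two_field else 4
    return fields[idx] if len(fields) > idx else None


def audit_hba(text):
    """Return (line number, deprecated method, replacement) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] not in RECORD_TYPES:
            continue
        method = auth_method(fields)
        if method == "krb5":
            # "gss" is the pg_hba.conf keyword for GSSAPI authentication.
            findings.append((lineno, "krb5", "gss"))
        elif method == "ident" and fields[0] == "local":
            findings.append((lineno, "ident", "peer"))
    return findings
```
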
