Robbie Harwood <rharwood@redhat.com> writes:
> So there's a connection setting `sslmode` that we'll want something
> similar to here (`gssapimode` or so). `sslmode` has six settings, but I
> think we only need three for GSSAPI: "disable", "allow", and "prefer"
> (which presumably would be the default).
FWIW, there is quite a bit of unhappiness around sslmode=prefer, see
for example this thread:
https://www.postgresql.org/message-id/flat/2A5EFBDC-41C6-42A8-8B6D-E69DA60E9962%40eggerapps.at
I do not know if we can come up with a better answer, but I'd caution
you against thinking that that's a problem-free model to emulate.
regards, tom lane
