* Lionel Elie Mamane (lionel@mamane.lu) wrote:
> The "gsslib" parameter in the connection string won't work, but will
> that keep users from authenticating to some Kerberos domains, and/or
> are there other (interoperability?) issues that make it strongly
> desirable to link libpq with *both* SSPI *and* MIT krb5 (and its
> gssapi_krb5 library)?
The MIT KRB5 library on Windows is more-or-less defunct now, as I
understand it. pgAdmin3 hasn't been linking against it due to unfixed
security bugs (that don't seem likely to ever be fixed) and because it's
horribly painful to maintain.
The gist of the limitation is this- if you need to support decent
encryption in a cross-realm environment on Windows XP-age systems, you
need MIT KRB5. If you're on Windows 7 or something else recent, the
built-in Windows stuff w/ AES works fine.
Thanks,
Stephen
