Re: Postgresql 8.4 GSSAPI auth with fallback to password prompting? - Mailing list pgsql-admin

From Stephen Frost
Subject Re: Postgresql 8.4 GSSAPI auth with fallback to password prompting?
Date
Msg-id 20130325151751.GN4361@tamriel.snowman.net
Whole thread Raw
In response to Re: Postgresql 8.4 GSSAPI auth with fallback to password prompting?  (Tim Watts <tim.j.watts@kcl.ac.uk>)
List pgsql-admin
Tim,

* Tim Watts (tim.j.watts@kcl.ac.uk) wrote:
> I presume the protocol does not allow the server to send a succession of
> "Type: Authentication request" packets with different Authentication
> types until it deems that one is acceptable?

Even if it did, existing clients would very likely be confused by it..

To be honest, I don't have a solution in mind for how to make this
happen, I was really just pointing out that there's a difference between
"we won't do that because we don't trust the sysadmin" and "that's not
an option due to how the system works today".  Perhaps one option would
be to look at the Negotiate protocol which mod_auth_kerb and friends use
and perhaps have that as an explicitly new auth mechanism.  A server set
up to provide that would, of course, have to consider if its users
supported it or not but that's true already- you can have situation
already though, a given client might not support gssapi, for example.

    Thanks,

        Stephen

Attachment

pgsql-admin by date:

Previous
From: Tim Watts
Date:
Subject: Re: Postgresql 8.4 GSSAPI auth with fallback to password prompting?
Next
From: Tim Watts
Date:
Subject: Re: Postgresql 8.4 GSSAPI auth with fallback to password prompting?