On Mon, Aug 06, 2018 at 10:36:34AM -0400, Stephen Frost wrote:
> * Heikki Linnakangas (hlinnaka@iki.fi) wrote:
> > Sorry if this sounds facetious, but:
> >
> > What is the point of this patch? What's the advantage of GSSAPI encryption
> > over SSL? I was hoping to find the answer by reading the documentation
> > changes, but all I can see is "how" to set it up, and nothing about "why".
>
> If you've already got an existing Kerberos environment, then it's a lot
> nicer to leverage that rather than having to also implement a full PKI
> to support and use SSL-based encryption.
>
> There's also something to be said for having alternatives to OpenSSL.
Those two reasons would be my motivation if I were implementing this,
and they are some of the reasons I did a code review.
Nico
--
