Bear Giles <bgiles@coyotesong.com> writes:
> 1) add SASL. This is a new standards-track protocol that is often
> described as "PAM" for network authentication. PostgreSQL could
> remove *all* protocol-specific authentication code and use
> standard plug-in libraries instead.
To me, "new standards-track protocol" translates as "pie in the sky".
When will there be tested, portable, BSD-license libraries that we
could *actually* use? I'm afraid this really would end up meaning
writing and/or supporting our own SASL code ... and I think there
are more important things for the project to be doing.
IMHO we've got more than enough poorly-supported authentication options
already. Unless you can make a credible case that using SASL would
allow us to rip out PAM, Kerberos, MD5, etc *now* (not "in a few releases
when everyone's switched to SASL"), I think this will end up just being
another one :-(.
(It doesn't help any that PAM support was sold to us just one release
cycle back on the same grounds that it'd be the last authentication
method we'd need to add. I'm more than a tad wary now...)
> 2) add ZLIB compression.
Why do people keep wanting to reinvent SSH tunneling?
regards, tom lane
