Re: CVS-tip; SSLmode & Kerberos - Mailing list pgsql-odbc

From Hiroshi Inoue
Subject Re: CVS-tip; SSLmode & Kerberos
Date
Msg-id 443EF011.1050105@tpf.co.jp
Whole thread Raw
In response to CVS-tip; SSLmode & Kerberos  ("Dave Page" <dpage@vale-housing.co.uk>)
Responses Re: CVS-tip; SSLmode & Kerberos
List pgsql-odbc
Dave Page wrote:
> Hi,
>
> I've just had some testing done by Magnus Hagander who uses psqlODBC in
> a kerberos environment and a couple of minor issues came to light:
>
> - Kerberos authentication (and therefore other features of libpq like
> pgpass) can only be used if sslmode != d. This is because the original
> CC_connect code is used instead of libpq in this case. Is there any
> reason to not use libpq all the time regardless of sslmode (if it's
> available of course)?

Because I don't want to use libpq if it's possible.
The current implementation doesn't need libpq at all except
when you need SSL, kerberos or ipv6 etc connection/authentication.
I don't know what libraries the libpq would need in the future
but it's quite unpleasant for me if the psqlodbc driver can't
be loaded with tha lack of needeless librairies.
In addtion using the native connection has the following 2 points
at least.
1. The driver sets some session default parameters(DateStyle,
    client_encoding etc) using start-up message.
2. You can try V2 protocol implementation when the V3 implementation
    has some bugs or performance issues.
    (personally It's hard for me to test v2 protocol implementation
    without using the functionality because I don't have pre 7.4
    server personally.)

> - sslmode defaults to 'disable'. If libpq is available, 'prefer' would
> seem the more secure default option. Any reason we should not change
> this as well?

There's no reason other than it's my default.

regards,
Hiroshi Inoue

pgsql-odbc by date:

Previous
From: Hiroshi Inoue
Date:
Subject: Re: psqlodbc patches to unsiged short wchar definition on
Next
From: "Hiroshi Saito"
Date:
Subject: Re: Promoting the enhanced branch