Home > mailing lists

Re: Future of krb5 authentication - Mailing list pgsql-hackers

From	Magnus Hagander
Subject	Re: Future of krb5 authentication
Date	July 18, 2007 17:26:13
Msg-id	469E4D42.1040204@hagander.net Whole thread Raw
In response to	Re: Future of krb5 authentication (Stephen Frost <sfrost@snowman.net>)
Responses	Re: Future of krb5 authentication (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

Stephen Frost wrote:
> * Magnus Hagander (magnus@hagander.net) wrote:
>> The maintenance part of me suggesting getting rid of krb5 is the
>> smallest one. It being a non-standard protocol is more important, and
>> the fact that the exchange breaks the libpq protocol and is not
>> protected by SSL is the big reason.
> 
> Erm, it doesn't need to be protected by SSL?  Breaking the libpq
> protocol does kind of suck.  I assume you're not requiring SSL for the
> GSSAPI stuff...

No, no requirement. But you would certainly expect it to use it if you
have SSL on the connection.

//Magnus

pgsql-hackers by date:

From: "plabrh1"
Date: 18 July 2007, 17:25:29
Subject: Re: SSPI authentication

From: Magnus Hagander
Date: 18 July 2007, 17:26:57
Subject: Re: Future of krb5 authentication

Re: Future of krb5 authentication - Mailing list pgsql-hackers

Previous

Next