Re: Future of krb5 authentication - Mailing list pgsql-hackers

From Magnus Hagander
Subject Re: Future of krb5 authentication
Date
Msg-id 469E70D8.8000204@hagander.net
In response to Re: Future of krb5 authentication  (Heikki Linnakangas <heikki@enterprisedb.com>)
Responses Re: Future of krb5 authentication  (Heikki Linnakangas <heikki@enterprisedb.com>)
Re: Future of krb5 authentication  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers

Heikki Linnakangas wrote:
> Stephen Frost wrote:
>> Honestly, for now I'm happy w/ it being a connectionstring option.  It
>> seems the most appropriate place for it to go.  That does mean that
>> applications may need to be modified to support gssapi (where they might
>> not have to be for sspi since it's the default), but since we're going
>> to keep krb5 support around for a bit there's time for those
>> applications to catch up without breaking things explicitly for people
>> migrating to 8.3.
> 
> Isn't it possible to open the socket, try GSSAPI handshaking with
> protocol, and fall back to krb5 protocol if that fails? If that's not
> possible, how about handling it like we handle postgres protocol 3 vs 2?
> Connect using GSSAPI first, and if that fails, retry with krb5.

The issue is *not* about GSSAPI vs krb5. It's with GSSAPI vs SSPI.

The wire protocol is the same for them. It's a matter of which *client
library* should be used to produce the packets that go over the network.

//Magnus


