Hi,
I've just had some testing done by Magnus Hagander who uses psqlODBC in
a kerberos environment and a couple of minor issues came to light:
- Kerberos authentication (and therefore other features of libpq like
pgpass) can only be used if sslmode != d. This is because the original
CC_connect code is used instead of libpq in this case. Is there any
reason to not use libpq all the time regardless of sslmode (if it's
available of course)?
- sslmode defaults to 'disable'. If libpq is available, 'prefer' would
seem the more secure default option. Any reason we should not change
this as well?
Regards, Dave.