On Wed, 14 Nov 2001, Peter Eisentraut wrote:
> No idea about the deprecatedness, but our Kerberos code does compile with
> the Kerberos V shipped in Red Hat 7.0 (MIT, I think), and the Kerberos IV
> code compiled successfully with KTH Kerberos last time I checked.
>
> However, most of the three people that ever mentioned anything detailed
> about the Kerberos support in PostgreSQL had the sound of "fundementally
> flawed", "totally insecure", etc.
I'll admit our kerberos support was NOT what I expected it to be when I
got it working; I was quite surprised to see all of the queries going by
in the clear.
It depends on what you want. If you want to not have clear-text passwords
go by and to have a very good idea who the person on the other side of the
session is, then this kerberos support does that. No one will be able to
sniff a password off of this. It's like kpop or telnet -a
If you expected an encrypted session, well, you don't get it. This isn't
telnet -ax. :-(
Is there interest in supporting encrypted sessions? I can think of two
ways to do it: 1) in addition to kerberos as an authentication, we also
add kerbers-priv which is the current kerberos but we switch to encryption
once we indicate successful authentication. 2) we add a start-encrypting
command to the protocol.
I dislike 2) as the best encryption key to use is the one we got with the
authentication step, which we'd have to hang onto for a while in case we
decided to start encrypting.
Take care,
Bill
