On Sun, Mar 19, 2023 at 06:53:28PM -0400, Tom Lane wrote:
> 9.2 is still within our "supported old versions" window, so it's
> at least plausible that somebody would hit this for KRB5. Still,
> the net effect would be that they'd get "authentication method 2
> not supported" instead of "Kerberos 5 authentication not supported".
> I lean (weakly) to the idea that it's no longer worth the translation
> maintenance effort to keep the special message.
>
> A compromise could be to drop KRB4 but keep the KRB5 case for
> awhile yet.
Hmm. I think that I would still drop both of them at the end, even in
v16 but I won't fight hard on that, either. The only difference is
the verbosity of the error string generated, and there is still a
trace of what the code numbers were in pqcomm.h.
> One other thought is that I don't really like these comments
> implying that recycling these AUTH_REQ codes might be a good
> thing to do:
>
> +/* 1 is available. It was used for Kerberos V4, not supported any more */
>
> I think we'd be better off treating them as permanently retired.
> It's not like there's any shortage of code space to worry about.
> More, there might be other implementations of our wire protocol
> that still have support for these codes, so that re-using them
> could cause compatibility issues. So maybe write "reserved"
> instead of "available"?
Okay, fine by me.
--
Michael
