Greetings, * Thomas Munro (thomas.mu...@gmail.com) wrote: > I also know that a motivated user could also use GSSAPI instead of > LDAP. Do you think we should update the manual to say so, perhaps in > a "tip" box on the LDAP auth page?
Hrm, not sure how I missed this before, but, yes, I'm all for adding a 'tip' box on the LDAP auth page which recommends use of GSSAPI when available (such as when operating in an Active Directory environment...). Note that, technically, you can run LDAP without using Active Directory and without running any kind of KDC, so we can't just blanket say "use GSSAPI" because there exists use-cases where that isn't an option. Not that I've ever actually *encountered* such an environment, but people have assured me that they do, in fact, exist, and that there are users of PG LDAP auth with such a setup who would be upset to see support for it removed. Anyhow, yes, a 'tip' would be great to add. Thanks, Stephen
signature.asc
Description: PGP signature
