Added to TODO: * Add 'hostgss' pg_hba.conf option to allow GSS link-level encryption
http://archives.postgresql.org/pgsql-hackers/2008-07/msg01454.php --------------------------------------------------------------------------- Henry B. Hotz wrote: > What's the time frame for 8.4? > > I'm making no promises, but what would people think of a hostgss hba > option? > > Using it would imply the gssapi/sspi authentication option. It would > be mutually exclusive of the ssl link-encryption option. It would > support strong encryption of the whole connection without the need to > get X509 certs deployed (which would be a big win if you're using > gssapi/sspi authentication anyway). > > The thing that prevented me from including it in the gssapi patches I > did for 8.3 was that I couldn't disentangle the program logic to the > point of inserting the gssapi security layer code above the SSL code > and below everything else. I'm thinking that doing both is pretty > much an edge case, so I propose to do gssapi security layers instead > of SSL. The mods are a lot more obvious. > > I'm *NOT* proposing to make build support of gssapi security layers > exclusive of SSL. You might, for example, configure a server to > support username/password over SSL for intra-net addresses, but > support gssapi for Internet addresses. > > ------------------------------------------------------ > The opinions expressed in this message are mine, > not those of Caltech, JPL, NASA, or the US Government. > [EMAIL PROTECTED], or [EMAIL PROTECTED] > > > > > -- > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-hackers -- Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
