This is great. I've worked on 2 projects in the last year that desperately needed this. It will certainly make the security model more seamless...
-Paul Magnus Hagander-2 wrote: > > A quick status update on the SSPI authentication part of the GSSAPI > project. > > I have libpq SSPI working now, with a few hardcoded things still in > there to be fixed. But it means that I can connect to a linux server > using kerberos/GSSAPI *without* the need to set up MIR Kerberos > libraries and settings on the client. This is great :-) The code is > fairly trivial. > > I've set it up as a different way of doing GSSAPI authentication. This > means that if you can't have both SSPI and MIT KRB GSSAPI in the same > installation. I don't see a problem with this - 99.9% of windows users > will just want the SSPI version anyway. But I figured I'd throw it out > here to see if there are any objections to this? > > I'd like to make this enabled by default on Win32, since all supported > windows platforms have support for it. Then we can add a configure > option to turn it *off* if we want to. Comments? Do we even need such an > option? > > Right now, the SSPI path is hardcoded to just support Kerberos. Once we > have both client and server with SSPI support I see no reason to keep > this restriction. Anybody against that? (Not saying that'll happen for > 8.3, because it certainly needs a bunch of extra testing, but eventually) > > > //Magnus > > ---------------------------(end of broadcast)--------------------------- > TIP 6: explain analyze is your friend > > -- View this message in context: http://www.nabble.com/SSPI-authentication-tf4090227.html#a11654750 Sent from the PostgreSQL - hackers mailing list archive at Nabble.com. ---------------------------(end of broadcast)--------------------------- TIP 7: You can help support the PostgreSQL project by donating at http://www.postgresql.org/about/donate
