Re: Design Considerations for New Authentication Methods
Josh Berkus <josh@agliodbs.com>
From: Josh Berkus <josh@agliodbs.com>
To: pgsql-hackers@postgresql.org
Cc: "Magnus Hagander" <mha@sollentuna.net>, mark@mark.mielke.cc, "Joshua D. Drake" <jd@commandprompt.com>, "Tom Lane" <tgl@sss.pgh.pa.us>, "Andrew Sullivan" <ajs@crankycanuck.ca>
Date: 2006-11-04T20:03:12Z
Lists: pgsql-hackers
Tom, Josh, etc.: > But if you're looking for a "big application" that uses Kerberos, > there's that pesky thing called Windows. Every single Windows machine in > an active directory domain environment is a Kerberos client, and uses > Kerberos for authentication to all network services. Kerberos with GSSAPI is also widely used for Solaris, so supporting it helps a lot in getting a large proportion of Solaris users to adopt PostgreSQL. > So Kerberos is definitly big. And more and more apps do support GSSAPI > for authentication. Not that many apps support "raw kerberos" as pgsql > does, probably because it does have some compatibility issues and such > things. Yes ... if we were looking to cut down on both code and dependency bugs, we might consider desupporting "raw Kerberos". At this point, I think that everyone who supports Kerberos supports GSSAPI, unless we're still committed to supporting users of Red Hat 7.0 (Tom?). -- Josh Berkus PostgreSQL @ Sun San Francisco