Re: [PATCH v18] GSSAPI encryption support
Nico Williams <nico@cryptonector.com>
From: Nico Williams <nico@cryptonector.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Heikki Linnakangas <hlinnaka@iki.fi>, Robbie Harwood <rharwood@redhat.com>, PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2018-08-06T18:26:55Z
Lists: pgsql-hackers
On Mon, Aug 06, 2018 at 10:36:34AM -0400, Stephen Frost wrote: > * Heikki Linnakangas (hlinnaka@iki.fi) wrote: > > Sorry if this sounds facetious, but: > > > > What is the point of this patch? What's the advantage of GSSAPI encryption > > over SSL? I was hoping to find the answer by reading the documentation > > changes, but all I can see is "how" to set it up, and nothing about "why". > > If you've already got an existing Kerberos environment, then it's a lot > nicer to leverage that rather than having to also implement a full PKI > to support and use SSL-based encryption. > > There's also something to be said for having alternatives to OpenSSL. Those two reasons would be my motivation if I were implementing this, and they are some of the reasons I did a code review. Nico --
Commits
-
GSSAPI encryption support
- b0b39f72b990 12.0 landed
-
Fix typo
- 57c932475504 9.6.0 cited