Re: [PATCH v18] GSSAPI encryption support

Nico Williams <nico@cryptonector.com>

From: Nico Williams <nico@cryptonector.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Heikki Linnakangas <hlinnaka@iki.fi>, Robbie Harwood <rharwood@redhat.com>, PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2018-08-06T18:26:55Z
Lists: pgsql-hackers
On Mon, Aug 06, 2018 at 10:36:34AM -0400, Stephen Frost wrote:
> * Heikki Linnakangas (hlinnaka@iki.fi) wrote:
> > Sorry if this sounds facetious, but:
> > 
> > What is the point of this patch? What's the advantage of GSSAPI encryption
> > over SSL? I was hoping to find the answer by reading the documentation
> > changes, but all I can see is "how" to set it up, and nothing about "why".
> 
> If you've already got an existing Kerberos environment, then it's a lot
> nicer to leverage that rather than having to also implement a full PKI
> to support and use SSL-based encryption.
> 
> There's also something to be said for having alternatives to OpenSSL.

Those two reasons would be my motivation if I were implementing this,
and they are some of the reasons I did a code review.

Nico
-- 


Commits

  1. GSSAPI encryption support

  2. Fix typo