Re: [PATCH v20] GSSAPI encryption support
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Magnus Hagander <magnus@hagander.net>
Cc: Joe Conway <mail@joeconway.com>, Stephen Frost <sfrost@snowman.net>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, Alvaro Herrera <alvherre@2ndquadrant.com>, David Steele <david@pgmasters.net>, Michael Paquier <michael@paquier.xyz>, Nico Williams <nico@cryptonector.com>, Robbie Harwood <rharwood@redhat.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2019-04-09T15:36:24Z
Lists: pgsql-hackers
On Wed, Apr 3, 2019 at 08:49:25AM +0200, Magnus Hagander wrote: > On Wed, Apr 3, 2019 at 12:22 AM Joe Conway <mail@joeconway.com> wrote: > Personally I don't find it as confusing as is either, and I find hostgss > to be a good analog of hostssl. On the other hand hostgssenc is long and > unintuitive. So +1 for leaving as is and -1 one for changing it IMHO. > > > I think for those who are well versed in pg_hba (and maybe gss as well), it's > not confusing. That includes me. > > However, for a new user, I can definitely see how it can be considered > confusing. And confusion in *security configuration* is always a bad idea, even > if it's just potential. > > Thus +1 on changing it. > > If it was on the table it might have been better to keep hostgss and change the > authentication method to gssauth or something, but that ship sailed *years* > ago. Uh, did we consider keeping hostgss and changing the auth part at the end to "gssauth"? -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
Commits
-
GSSAPI encryption support
- b0b39f72b990 12.0 landed
-
Fix typo
- 57c932475504 9.6.0 cited