Re: [PATCH v20] GSSAPI encryption support

Bruce Momjian <bruce@momjian.us>

From: Bruce Momjian <bruce@momjian.us>
To: Magnus Hagander <magnus@hagander.net>
Cc: Joe Conway <mail@joeconway.com>, Stephen Frost <sfrost@snowman.net>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, Alvaro Herrera <alvherre@2ndquadrant.com>, David Steele <david@pgmasters.net>, Michael Paquier <michael@paquier.xyz>, Nico Williams <nico@cryptonector.com>, Robbie Harwood <rharwood@redhat.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2019-04-09T15:36:24Z
Lists: pgsql-hackers
On Wed, Apr  3, 2019 at 08:49:25AM +0200, Magnus Hagander wrote:
> On Wed, Apr 3, 2019 at 12:22 AM Joe Conway <mail@joeconway.com> wrote:
>     Personally I don't find it as confusing as is either, and I find hostgss
>     to be a good analog of hostssl. On the other hand hostgssenc is long and
>     unintuitive. So +1 for leaving as is and -1 one for changing it IMHO.
> 
> 
> I think for those who are well versed in pg_hba (and maybe gss as well), it's
> not confusing. That includes me.
> 
> However, for a new user, I can definitely see how it can be considered
> confusing. And confusion in *security configuration* is always a bad idea, even
> if it's just potential.
> 
> Thus +1 on changing it.
> 
> If it was on the table it might have been better to keep hostgss and change the
> authentication method to gssauth or something, but that ship sailed *years*
> ago.

Uh, did we consider keeping hostgss and changing the auth part at the
end to "gssauth"?

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +



Commits

  1. GSSAPI encryption support

  2. Fix typo