Re: Design Considerations for New Authentication Methods

Joshua D. Drake <jd@commandprompt.com>

From: "Joshua D. Drake" <jd@commandprompt.com>
To: Magnus Hagander <mha@sollentuna.net>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, josh@agliodbs.com, pgsql-hackers@postgresql.org, Andrew Sullivan <ajs@crankycanuck.ca>
Date: 2006-11-03T16:27:36Z
Lists: pgsql-hackers
>> To be honest, I have often wondered *why* we support kerberos 
>> outside of the uber l33t geek factor. I have not once in a 
>> commercial deployment had a business requirement for the 
>> beast. LDAP? Now that is a whole other issue :)
> 
> Single sign-on in a Windows/AD environment (I'm talking clients on
> windows, servers on linux here - at least in my case). I know several
> people who use it, most just don't post here ;-)

Wouldn't the LDAP auth in 8.2 resolve that?

> 
> Now, it would likely be a lot *easier* to do this with GSSAPI than the
> pure kerberos stuff we have now, given that the Windows native APIs
> support GSSAPI compatible stuff, but not the stuff we have now.

Nod.

Sincerely,

Joshua D. Drake



> 
> //Magnus
> 


-- 

      === The PostgreSQL Company: Command Prompt, Inc. ===
Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240
Providing the most comprehensive  PostgreSQL solutions since 1997
             http://www.commandprompt.com/

Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate