Re: [PATCH v12] GSSAPI encryption support
Michael Paquier <michael.paquier@gmail.com>
From: Michael Paquier <michael.paquier@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Robbie Harwood <rharwood@redhat.com>, Stephen Frost <sfrost@snowman.net>, PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2016-04-08T02:17:09Z
Lists: pgsql-hackers
On Thu, Apr 7, 2016 at 8:20 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote: > Robbie Harwood <rharwood@redhat.com> writes: >> Tom Lane <tgl@sss.pgh.pa.us> writes: >>> Wait a second. So the initial connection-request packet is necessarily >>> unencrypted under this scheme? > >> Yes, by necessity. The username must be sent in the clear, even if only >> as part of the GSSAPI handshake (i.e., the GSSAPI username will appear >> in plantext in the GSSAPI blobs which are otherwise encrypted). GSSAPI >> performs authentication before it can start encryption. > > Ugh. I had thought we were putting work into this because it represented > something we could recommend as best practice, but now you're telling me > that it's always going to be inferior to what we have already. It does not seem necessary to have an equivalent of pqsecure_open_client, just some extra handling in fe-connect.c to set up the initial context with a proper message handling... Not that direct anyway. So should the patch be marked as returned with feedback at this stage? -- Michael
Commits
-
GSSAPI encryption support
- b0b39f72b990 12.0 landed
-
Fix typo
- 57c932475504 9.6.0 cited