Re: Fwd: [PATCHES] Preliminary GSSAPI Patches

Henry B. Hotz <hotz@jpl.nasa.gov>

From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Stefan Kaltenbrunner <stefan@kaltenbrunner.cc>, josh@agliodbs.com, pgsql-hackers@postgresql.org, Magnus Hagander <magnus@hagander.net>
Date: 2007-05-01T21:34:07Z
Lists: pgsql-hackers
On May 1, 2007, at 1:32 PM, Tom Lane wrote:

> Stefan Kaltenbrunner <stefan@kaltenbrunner.cc> writes:
>> Josh Berkus wrote:
>>> For now, yes.  In the long run, we want to provide users with  
>>> other methods
>>> of encrypted connections than the rather flaky and
>>> not-available-on-every-platform OpenSSL.
>
>> I'm curious - on what platform is OpenSSL NOT available ?
>
> And even more curious to see you defend that offhanded bashing of  
> OpenSSL,
> a tool a whole lot of people (including me) depend on all day every  
> day.
> If Postgres had the market penetration of OpenSSL, our lives would  
> be a
> lot different.  Have you got even a shred of evidence that GSSAPI is
> more stable than OpenSSL?
>
> 			regards, tom lane

Windows?  I don't do Windows, so I'm guessing.

If you accept that Microsoft's SSPI is a flavor of GSSAPI, then  
GSSAPI is more widely supported and probably more stable on Windows  
machines than OpenSSL is.

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu