Re: [PATCH v20] GSSAPI encryption support

Robbie Harwood <rharwood@redhat.com>

From: Robbie Harwood <rharwood@redhat.com>
To: Stephen Frost <sfrost@snowman.net>
Cc: Bruce Momjian <bruce@momjian.us>, Magnus Hagander <magnus@hagander.net>, Joe Conway <mail@joeconway.com>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, Alvaro Herrera <alvherre@2ndquadrant.com>, David Steele <david@pgmasters.net>, Michael Paquier <michael@paquier.xyz>, Nico Williams <nico@cryptonector.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2019-04-11T17:40:49Z
Lists: pgsql-hackers
Stephen Frost <sfrost@snowman.net> writes:

> Robbie Harwood (rharwood@redhat.com) wrote:
>> Bruce Momjian <bruce@momjian.us> writes:
>>> Magnus Hagander wrote:
>>>> Joe Conway <mail@joeconway.com> wrote:
>>>>
>>>> If it was on the table it might have been better to keep hostgss
>>>> and change the authentication method to gssauth or something, but
>>>> that ship sailed *years* ago.
>>>
>>> Uh, did we consider keeping hostgss and changing the auth part at
>>> the end to "gssauth"?
>> 
>> I think that was implicitly rejected because we'd have to keep the
>> capability to configure "gss" there else break compatibility.
>
> Right, if we changed the name of the auth method then everyone who is
> using the "gss" auth method would have to update their pg_hba.conf
> files...  That would be very ugly.  Also, it wasn't implicitly
> rejected, it was discussed up-thread (see the comments between Magnus
> and I, specifically, quoted above- "that ship sailed *years* ago") and
> explicitly rejected.

Apologies, you're right of course.  I intended to say why *I* had
rejected it but got bit by the passive voice.

Thanks,
--Robbie

Commits

  1. GSSAPI encryption support

  2. Fix typo