On Thu, Sep 28, 2023 at 09:55:43AM -0400, Bruce Momjian wrote:
> On Wed, Sep 27, 2023 at 07:09:02PM -0400, Bruce Momjian wrote:
> > On Sun, Mar 12, 2023 at 08:36:53PM -0400, Stephen Frost wrote:
> > > > When the server is on a non-Windows platform then the server must use
> > > > GSSAPI if it wants to authenticate the client either via Kerberos or
> > > > via Active Directory. A client on a Windows platform that connects to
> > > > a non-Windows Postgresql server can either use SSPI (strongly
> > > > encouraged) or GSS (much more difficult to set up) if it wants to
> > > > authenticate via Kerberos or Active Directory. A client from a
> > > > non-Windows platform must use GSS if it wants to authenticate via
> > > > Kerberos or Active Directory."
> > >
> > > Rather than work in negative, I feel like it might make more sense to
> > > work in positives? That is, perhaps this instead:
> > >
> > > On Windows platforms, SSPI is the default and most commonly used
> > > mechanism. Note that an SSPI client can authenticate to a server which
> > > is using either SSPI or GSSAPI, and a GSSAPI client can authenticate to
> > > a server which is using either SSPI or GSSAPI. Generally speaking,
> > > clients and servers on Windows are recommended to use SSPI while clients
> > > and servers on Unix (non-Windows) platforms use GSSAPI.
> >
> > I developed the attached patch.
>
> My first attempt was too terse, so here is a more detailed version,
> attached.

Patch applied back to PG 11.

--
  Bruce Momjian  <br...@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Only you can decide what is important to you.