Bruce Momjian <br...@momjian.us> writes: > On Wed, Apr 3, 2019 at 08:49:25AM +0200, Magnus Hagander wrote: >> On Wed, Apr 3, 2019 at 12:22 AM Joe Conway <m...@joeconway.com> wrote: >> >> Personally I don't find it as confusing as is either, and I find >> hostgss to be a good analog of hostssl. On the other hand hostgssenc >> is long and unintuitive. So +1 for leaving as is and -1 one for >> changing it IMHO. >> >> I think for those who are well versed in pg_hba (and maybe gss as >> well), it's not confusing. That includes me. >> >> However, for a new user, I can definitely see how it can be >> considered confusing. And confusion in *security configuration* is >> always a bad idea, even if it's just potential. >> >> Thus +1 on changing it. >> >> If it was on the table it might have been better to keep hostgss and >> change the authentication method to gssauth or something, but that >> ship sailed *years* ago. > > Uh, did we consider keeping hostgss and changing the auth part at the > end to "gssauth"?
I think that was implicitly rejected because we'd have to keep the capability to configure "gss" there else break compatibility. Thanks, --Robbie
signature.asc
Description: PGP signature