On Thu, Apr 11, 2019 at 3:56 PM Robert Haas <robertmh...@gmail.com> wrote:
> On Wed, Apr 10, 2019 at 9:47 PM Stephen Frost <sfr...@snowman.net> wrote: > > Right, if we changed the name of the auth method then everyone who is > > using the "gss" auth method would have to update their pg_hba.conf > > files... That would be very ugly. Also, it wasn't implicitly rejected, > > it was discussed up-thread (see the comments between Magnus and I, > > specifically, quoted above- "that ship sailed *years* ago") and > > explicitly rejected. > > Slightly off-topic, but I am not familiar with GSSAPI and don't quite > understand what the benefits of GSSAPI encryption are as compared with > OpenSSL encryption. I am sure there must be some; otherwise, nobody > would have bothered writing, reviewing, and committing this patch. > Can somebody enlighten me? > You don't need to set up an SSL PKI. Yes you need the similar keys and stuff set up for GSSAPI, but if you already *have* those (which you do if you are using gss authentication for example) then it's a lot less extra overhead. -- Magnus Hagander Me: https://www.hagander.net/ <http://www.hagander.net/> Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
