On Wed, Oct 14, 2009 at 11:44 PM, Stephen Frost <sfr...@snowman.net> wrote:
> * Tom Lane (t...@sss.pgh.pa.us) wrote:
>> Peter Eisentraut <pete...@gmx.net> writes:
>> > Well, you would lose anyway if the DBA switches the pg_hba.conf setting
>> > from md5 to password without telling you.
>>
>> True :-(.  Anybody for a zero-knowledge protocol?
>>
>> (Realistically, non-password-based auth methods are the only real
>> solution here, I fear.  We should probably be doing more to encourage
>> people to use SSL-cert-based authentication in low-trust situations.)
>
> Or GSSAPI..  Helping users understand how they can leverage their
> existing Kerberos or MS SSPI single-sign-on infrastructures to securely
> access PG would go a long way to reducing the password-based usage out
> there, imo.  Of course, it'd be nice if we supported GSSAPI encrypted
> transport too.  Separating the encryption into SSL is less than ideal.
Such solutions are exactly what I'd expect to actually go into production
in most places, but that doesn't mean that people don't pay attention to
the basic features offered as part of the core database when they're early
in the evaluation phase.

-- 
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
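Peter's point above (the server's pg_hba.conf, not the client, decides whether the password goes over the wire in cleartext or as an md5 challenge response) has a concrete client-side consequence: a client that wants to avoid the `password` method has to look at the AuthenticationRequest message the backend sends before it answers. The following is an added illustration of that check, written for this page and not code from the thread, libpq or the PostgreSQL project. It uses the real frontend/backend protocol layout for the `R` message and the documented md5 response formula; the sample messages, the policy function names and the "refuse cleartext unless the connection is SSL and the caller opted in" rule are constructed for the example.

```python
"""Inspect a PostgreSQL AuthenticationRequest before answering it.

Constructed example: the backend, driven by pg_hba.conf, chooses the method;
this client-side policy refuses to send a cleartext password over a plain
TCP connection.  Not libpq code.
"""
import hashlib
import struct

# Authentication request codes from the PostgreSQL frontend/backend protocol.
# Wire layout of the backend message: byte 'R', int32 length, int32 code, payload.
AUTH_OK = 0
AUTH_KERBEROS_V5 = 2
AUTH_CLEARTEXT_PASSWORD = 3
AUTH_MD5_PASSWORD = 5          # payload: 4-byte salt
AUTH_SCM_CREDENTIAL = 6
AUTH_GSS = 7
AUTH_GSS_CONTINUE = 8
AUTH_SSPI = 9

AUTH_NAMES = {
    AUTH_OK: "AuthenticationOk",
    AUTH_KERBEROS_V5: "AuthenticationKerberosV5",
    AUTH_CLEARTEXT_PASSWORD: "AuthenticationCleartextPassword",
    AUTH_MD5_PASSWORD: "AuthenticationMD5Password",
    AUTH_SCM_CREDENTIAL: "AuthenticationSCMCredential",
    AUTH_GSS: "AuthenticationGSS",
    AUTH_GSS_CONTINUE: "AuthenticationGSSContinue",
    AUTH_SSPI: "AuthenticationSSPI",
}


def build_auth_request(code: int, payload: bytes = b"") -> bytes:
    """Serialise a backend 'R' message; used here only to construct samples."""
    # The length field counts itself and the code, but not the 'R' type byte.
    return b"R" + struct.pack("!ii", 8 + len(payload), code) + payload


def parse_auth_request(msg: bytes) -> tuple[int, bytes]:
    """Return (code, payload) from a backend Authentication message."""
    if len(msg) < 9 or msg[0:1] != b"R":
        raise ValueError("not an Authentication message")
    length, code = struct.unpack("!ii", msg[1:9])
    if length != len(msg) - 1:
        raise ValueError("length field does not match message size")
    payload = msg[9:]
    if code == AUTH_MD5_PASSWORD and len(payload) != 4:
        raise ValueError("AuthenticationMD5Password needs a 4-byte salt")
    return code, payload


def is_well_formed(msg: bytes) -> bool:
    """Convenience wrapper so callers can test validity without try/except."""
    try:
        parse_auth_request(msg)
        return True
    except ValueError:
        return False


def md5_password_response(user: str, password: str, salt: bytes) -> str:
    """Body of the PasswordMessage for the md5 method:
    "md5" + md5(md5(password + user) + salt), hex-encoded at each step."""
    inner = hashlib.md5(password.encode() + user.encode()).hexdigest()
    return "md5" + hashlib.md5(inner.encode() + salt).hexdigest()


def client_decision(msg: bytes, *, over_ssl: bool,
                    allow_cleartext_on_ssl: bool = False) -> tuple[str, str]:
    """Hypothetical client policy.  Returns (action, method_name) where action
    is "proceed" or "refuse".  Cleartext is refused unless the link is SSL and
    the caller explicitly allowed it; unknown codes are refused as well."""
    code, _ = parse_auth_request(msg)
    name = AUTH_NAMES.get(code, f"Authentication(code={code})")
    if code == AUTH_CLEARTEXT_PASSWORD:
        return ("proceed" if over_ssl and allow_cleartext_on_ssl else "refuse"), name
    if code not in AUTH_NAMES:
        return "refuse", name
    return "proceed", name


def demo() -> dict:
    """Run the policy over constructed server messages (no network involved)."""
    salt = b"\x01\x02\x03\x04"                      # constructed sample salt
    return {
        "password method, plain TCP": client_decision(
            build_auth_request(AUTH_CLEARTEXT_PASSWORD), over_ssl=False),
        "password method, SSL + opt-in": client_decision(
            build_auth_request(AUTH_CLEARTEXT_PASSWORD), over_ssl=True,
            allow_cleartext_on_ssl=True),
        "md5 method, plain TCP": client_decision(
            build_auth_request(AUTH_MD5_PASSWORD, salt), over_ssl=False),
        "gss method": client_decision(build_auth_request(AUTH_GSS), over_ssl=False),
        "md5 response for alice": md5_password_response("alice", "secret", salt),
    }


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario}: {result}")
```

The md5 method only hides the password from a passive observer; the salted hash still lets anyone who captures the exchange attempt offline guessing, which is why the thread steers toward SSL client certificates or GSSAPI rather than a better password scheme. A policy like the one above is what a client needs when it cannot trust the DBA to leave pg_hba.conf alone; current libpq (PostgreSQL 16 and later) exposes the same idea through the `require_auth` connection parameter.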