On 14 October 2015 at 06:34, Robbie Harwood <rharw...@redhat.com> wrote: > Alright, here's v3. As requested, it's one patch now.
I hate to ask, but have you looked at how this interacts with Windows? We support Windows SSPI (on a domain-member host) authenticating to a PostgreSQL server using gssapi with spnego. We also support a PostgreSQL client on *nix authenticating using gssapi with spnego to a PostgreSQL server that's requesting sspi mode. The relevant code is all a bit tangled, since there's support in there for using Kerberos libraries on Windows instead of SSPI too. I doubt anybody uses that last one, tests it, or cares about it, though, given the painful hoop-jumping, registry key permission changes, etc required to make it work. For bonus fun, RC4, DES, AES128 or AES256 are available/used for Kerberos encryption on Windows. See http://blogs.msdn.com/b/openspecification/archive/2011/05/31/windows-configurations-for-kerberos-supported-encryption-type.aspx . Though given that Win7 defaults to AES256 it's probably reasonable to simply not care about anything else. -- Craig Ringer http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-hackers mailing list (email@example.com) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers