On Thu, Apr 7, 2016 at 8:20 AM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> Robbie Harwood <rharw...@redhat.com> writes:
>> Tom Lane <t...@sss.pgh.pa.us> writes:
>>> Wait a second.  So the initial connection-request packet is necessarily
>>> unencrypted under this scheme?
>> Yes, by necessity.  The username must be sent in the clear, even if only
>> as part of the GSSAPI handshake (i.e., the GSSAPI username will appear
>> in plantext in the GSSAPI blobs which are otherwise encrypted).  GSSAPI
>> performs authentication before it can start encryption.
> Ugh.  I had thought we were putting work into this because it represented
> something we could recommend as best practice, but now you're telling me
> that it's always going to be inferior to what we have already.

It does not seem necessary to have an equivalent of
pqsecure_open_client, just some extra handling in fe-connect.c to set
up the initial context with a proper message handling... Not that
direct anyway. So should the patch be marked as returned with feedback
at this stage?

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to