On Sep 28, 2006, at 2:24 PM, Tom Lane wrote:

"Magnus Hagander" <[EMAIL PROTECTED]> writes:
As for the other part - will core accept this - I can't answer that.

It would depend in part on the size of the patch, and on whether there
are any arguments for supporting GSSAPI besides "Java can't do Kerberos".
What would it buy for a libpq user?

Everything that the current Kerberos support provides plus Java.

Ability to encrypt or integrity protect the client/server connection (without SSL/TLS tunnels).

In theory, you get to plug in other mechanisms than Kerberos. In practice I think this only worked on Solaris, until very recently. The free gssapi implementations in Java, Solaris, MIT Kerberos, and Heimdal Kerberos only supported Kerberos. Sun open sourced their mechanism glue code and it's being incorporated into both MIT (now) and Heimdal (0.8). Entrust sells a PKI mechanism for Solaris.

Wire compatibility with a native Windows API (the SSPI), if it's used correctly. (Google for posts by Jeffrey Altman for references to example code.) ------------------------------------------------------------------------ ----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?


Reply via email to