On Sep 28, 2006, at 3:03 PM, Josh Berkus wrote:
Tom,
It would depend in part on the size of the patch, and on whether
there
are any arguments for supporting GSSAPI besides "Java can't do
Kerberos".
What would it buy for a libpq user?
According to the Solaris Security engineers, GSSAPI is more secure
than
using the Kerberos headers. Also, in theory GSSAPI is supposed to
support multiple authentication back-ends (ldap, liberty, etc.), but I
personally have never seen support for anything but Kerberos.
I think that GSSAPI is more tolerant of connections through NAT's. I
think it's more robust to current network reality, but I'm not aware
it's actually more secure if you're using comparable verification
options.
As noted elsewhere on this thread it's more available.
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
[EMAIL PROTECTED], or [EMAIL PROTECTED]
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match