On Nov 1, 2006, at 6:33 AM, Stephen Frost wrote:

* Henry B. Hotz ([EMAIL PROTECTED]) wrote:
I've been looking at adding SASL or GSSAPI as an auth method.  I have
some questions about how to handle the flow of control changes.

Great!  I'd love to see that implemented, personally, so if you're
looking for help, please let me know.

Thank you.  I will!  ;-)

Do you know Java? I'm doing this ultimately because I want the JDBC driver to support encrypted connections with Kerberos and without needing SSL. As an added plus a Windows-native client should support it.

My main hesitation between SASL and GSSAPI is that the Windows equivalent APIs for SASL have not received the same degree of interoperability testing as SSPI<-->GSSAPI. I don't have a published example to crib from. For general information the relevant calls are at the bottom of <http://msdn.microsoft.com/library/default.asp?url=/ library/en-us/secauthn/security/authentication_functions.asp>.

"I don't do windows (TM)."  ;-)

round trips and network accesses done.  I notice that all the
authentication (pg_fe_sendauth()) is done inside PWConnectPoll(),
which sounds like something that isn't expected to block on network

I think you're missing a bit about how the design works.
PGConnectPoll() is expected to be called multiple times until the
connection is established.

I think I got it.  I just didn't want to get it.

I'll probably do the simple, blocking-loop client anyway as a way to debug the server side. Then worry about getting the clients up to snuff.

Basically, you can return something to the
user that says "connection not done yet, but I'm returning because you
said to not block.  Please call again when more data available or you
have the opportunity to".  This is a pretty common arrangment when
non-blocking systems are implemented. As Tom said, you should just need
to have some state stored so that you know what's going on when you're
called again.

Once I start adding connection state I can add a control for whether data packets need to be wrapped as well. I'm not sure how hard the >8KB case will be to handle though. Probably some hooks in the underlying library, and I hope they make it easier rather than harder.



------------------------------------------------------------------------ ----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.

---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
      choose an index scan if your joining column's datatypes do not

Reply via email to