On Nov 2, 2006, at 1:18 AM, Magnus Hagander wrote:
* Henry B. Hotz ([EMAIL PROTECTED]) wrote:
I've been looking at adding SASL or GSSAPI as an auth
method. I have
some questions about how to handle the flow of control changes.
Great! I'd love to see that implemented, personally, so if you're
looking for help, please let me know.
Thank you. I will! ;-)
Do you know Java? I'm doing this ultimately because I want
the JDBC driver to support encrypted connections with
Kerberos and without needing SSL. As an added plus a
Windows-native client should support it.
Interesting, I thought you were going for the authentication only.
What's the real gain in doing Kerberos encryption over SSL encryption?
Doesn't Java come with SSL support anyway these days?
My main hesitation between SASL and GSSAPI is that the
Windows equivalent APIs for SASL have not received the same
degree of interoperability testing as SSPI<-->GSSAPI. I
don't have a published example to crib from. For general
information the relevant calls are at the bottom of
<http://msdn.microsoft.com/library/default.asp?url=/
library/en-us/secauthn/security/authentication_functions.asp>.
One reason for this could be that they appear to be available only on
server platforms, and not on cilents, if you look at the
documentation.
That said, I have the DLL file and the export functions on my XP
machine, so it's definitly present there - I'm unsure if it *works* or
is supported. My registry does indicate that I have the GSSAPI profile
for SASL, which would be an indication that it should.
//Magnus
---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faq
