> > I do not like --with-krb5 because it has extremely limited real world > > use. > > Riiigghhhttt... Only every Windows setup which uses Active Directory, > most major universities, and certain large corporations (uh, AOL?) would > even think to use something like Kerberos!
I said "Extremely Limited" real world use. Between just two of my customers, in the next 2 years we (CMD) will have 12 thousand postgresql installations. Not one of them will use Kerberos. > > > I do not like --with-pam but only because I have never gotten it to > > work. > > We use it on some of our production systems (since it can provide > cracklib, password expiration, etc, and the postgres instance inside > it's own vserver so it doesn't hurt as much to make the passwd/shadow > files available to it...). I'd be happy to help you get it to work if > you'd like, and I could even provide you with some PG/C functions to use > password changing and password aging. :) Oh, I am sure it is great. I have just never tried that hard to get it to work :) > > I do like --with-ldap because it is pretty much standard within > > directory lookups by the nature of Active Directory. > > Funny you like LDAP but not Kerberos, both of which are part of Active > Directory... Using LDAP simple binds to AD for authentication is > *quite* silly and *much* less secure than using Kerberos... Yes but LDAP gives me a lot of other things, easily and it has SSL. SSL + Firewall gives me 98% of the security I need. Sincerely, Joshua D. Drake -- === The PostgreSQL Company: Command Prompt, Inc. === Sales/Support: +1.503.667.4564 || 24x7/Emergency: +1.800.492.2240 Providing the most comprehensive PostgreSQL solutions since 1997 http://www.commandprompt.com/ Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate ---------------------------(end of broadcast)--------------------------- TIP 6: explain analyze is your friend