Josh Berkus wrote: > Magnus, > >> I'd also vote for changing the name of the "non encrypted" version to >> just "gss" instead of "gss-np". > > I don't. We'll want to support GSS encryption once we have the code, so we > should leave the namespace open to address that.
I agree that we should do this, I'm just suggesting different names, namely "gss" and "gss-sec". >> Oh, and I do think putting in GSSAPI authentication only (and not >> encryption) is the way to go for now, since we can do encryption with >> OpenSSL. It'll make the changes localized to just the authentication. > > For now, yes. In the long run, we want to provide users with other methods > of encrypted connections than the rather flaky and > not-available-on-every-platform OpenSSL. Certainly. I'm talking short-term when I say that. When we eventually do -sec, it might be worthwhile to consider that in the context of the GnuTLS patches that were thrown around earlier - maybe something can be done for both of them, so we don't get a hugely expanded codebase. //Magnus ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster