This is great.  I've worked on 2 projects in the last year that desperately
needed this.  It will certainly make the security model more seamless...

-Paul




Magnus Hagander-2 wrote:
> 
> A quick status update on the SSPI authentication part of the GSSAPI
> project.
> 
> I have libpq SSPI working now, with a few hardcoded things still in
> there to be fixed. But it means that I can connect to a linux server
> using kerberos/GSSAPI *without* the need to set up MIR Kerberos
> libraries and settings on the client. This is great :-) The code is
> fairly trivial.
> 
> I've set it up as a different way of doing GSSAPI authentication. This
> means that if you can't have both SSPI and MIT KRB GSSAPI in the same
> installation. I don't see a problem with this - 99.9% of windows users
> will just want the SSPI version anyway. But I figured I'd throw it out
> here to see if there are any objections to this?
> 
> I'd like to make this enabled by default on Win32, since all supported
> windows platforms have support for it. Then we can add a configure
> option to turn it *off* if we want to. Comments? Do we even need such an
> option?
> 
> Right now, the SSPI path is hardcoded to just support Kerberos. Once we
> have both client and server with SSPI support I see no reason to keep
> this restriction. Anybody against that? (Not saying that'll happen for
> 8.3, because it certainly needs a bunch of extra testing, but eventually)
> 
> 
> //Magnus
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 6: explain analyze is your friend
> 
> 

-- 
View this message in context: 
http://www.nabble.com/SSPI-authentication-tf4090227.html#a11654750
Sent from the PostgreSQL - hackers mailing list archive at Nabble.com.


---------------------------(end of broadcast)---------------------------
TIP 7: You can help support the PostgreSQL project by donating at

                http://www.postgresql.org/about/donate

Reply via email to