k you,
Henry
On Tue, Sep 26, 2017 at 9:37 AM Alvaro Hernandez wrote:
>
>
> On 26/09/17 17:50, Craig Ringer wrote:
>
> On 26 September 2017 at 22:14, Magnus Hagander
> wrote:
>
>>
>>
>> On Tue, Sep 26, 2017 at 2:16 PM, Alvaro Hernandez wrote:
>>
>&g
if there are any rough design/plans for this...
https://wiki.postgresql.org/wiki/Fujitsu_roadmap#Multi-model_database
- *graph: Natively support graph data model. Implement Cypher and/or
Gremlin as the query language through UDFs.*
Thank you,
Henry
On Sun, Sep 3, 2017 at 1:14 PM MauMau
This may be interesting... they implement cypher (unfortunately they had to
fork in order to have cypher be a first class query language with SQL).
https://github.com/bitnine-oss/agensgraph
On Mon, Aug 21, 2017 at 12:44 AM Chris Travers
wrote:
> On Sun, Aug 20, 2017 at 4:10 AM, MauMau wrote:
Renegotiation should be a best practice. Trouble is it's been broken (at the
protocol level) three times in the last few years so it's a massive hole in
practice.
Ideally we should leave the renegotiate in, and only remove it if configure
detects a broken version of TLS.
Personal email. hbh..
SASL was done by many of the same people who did GSSAPI. It's main practical
advantages are that it supports password-based mechanisms (in addition to
GSSAPI/krb5), and that it’s more explicitly pluggable than GSSAPI is.
The password mechanism is simple enough that it's frequently implemented
On Jul 31, 2008, at 7:58 AM, Magnus Hagander wrote:
Stephen Frost wrote:
* Henry B. Hotz ([EMAIL PROTECTED]) wrote:
I'm making no promises, but what would people think of a hostgss hba
option?
As described, sounds like a win to me. It'd be very nice to be
able to
just
What's the time frame for 8.4?
I'm making no promises, but what would people think of a hostgss hba
option?
Using it would imply the gssapi/sspi authentication option. It would
be mutually exclusive of the ssl link-encryption option. It would
support strong encryption of the whole conne
On Oct 27, 2007, at 1:36 AM, Magnus Hagander wrote:
If this isn't fixed then PG will never be a supported infrastructure
service at JPL the way MySQL currently is. I had hoped to use the
GSSAPI support as a feature to pry some people away from MySQL, but
without the ability to integrate into a
On Oct 26, 2007, at 12:56 AM, Magnus Hagander wrote:
On Thu, Oct 25, 2007 at 05:39:37PM -0700, Henry B. Hotz wrote:
On Oct 25, 2007, at 3:27 PM, Stephen Frost wrote:
* Henry B. Hotz ([EMAIL PROTECTED]) wrote:
What you're asking for is basically a krb_match_realm parameter,
or
On Oct 25, 2007, at 3:27 PM, Stephen Frost wrote:
* Henry B. Hotz ([EMAIL PROTECTED]) wrote:
What the krb5 method does is IMO a documented bug. The realm name
is part
of the name.
As I explained at some length you cannot assume the username (first
component of the principal) has any
On Oct 25, 2007, at 1:47 AM, Magnus Hagander wrote:
On Fri, Oct 19, 2007 at 04:51:04PM -0700, Henry B. Hotz wrote:
I know I haven't been very active for a while here, but I just got to
testing the October 3 version a bit prior to getting back to the Java
GSS client stuff I promised.
On Oct 25, 2007, at 10:22 AM, Tom Lane wrote:
Magnus Hagander <[EMAIL PROTECTED]> writes:
On Fri, Oct 19, 2007 at 04:51:04PM -0700, Henry B. Hotz wrote:
There's no way to specify the gssapi library to use. I have
three on
my main development Sun: MIT, Sun, and Heimdal. I migh
I know I haven't been very active for a while here, but I just got to
testing the October 3 version a bit prior to getting back to the Java
GSS client stuff I promised. There seem to be some funny things there.
The only serious issue is that the server doesn't require the realm
name to mat
mentations
(there could
be of course, but the standard defines the protocol), but I'm sure
headers
and libraries could be in different places and have different names.
Actually testing the authentication itself is of course a bonus :-)
I've only tested it against Active Directory
On May 2, 2007, at 3:11 AM, Magnus Hagander wrote:
As to the question of GSSAPI vs SSL, I would never argue we don't
want both.
Part of what made the GSSAPI encryption mods difficult was my intent
to insert them "above" the SSL encryption/buffering layer. That way
you could double-encrypt the
On May 1, 2007, at 3:11 PM, Magnus Hagander wrote:
Also, last I checked OpenSSL didn't ship with Windows and Kerberos
encryption did.
How long ago did you check? I've been using OpenSSL on windows
for many
years. Actually, it was supported just fine on Windows back when
it was
added to Pos
On May 1, 2007, at 1:32 PM, Tom Lane wrote:
Stefan Kaltenbrunner <[EMAIL PROTECTED]> writes:
Josh Berkus wrote:
For now, yes. In the long run, we want to provide users with
other methods
of encrypted connections than the rather flaky and
not-available-on-every-platform OpenSSL.
I'm curi
On May 1, 2007, at 2:30 PM, Magnus Hagander wrote:
Henry B. Hotz wrote:
On May 1, 2007, at 1:33 PM, Tom Lane wrote:
Magnus Hagander <[EMAIL PROTECTED]> writes:
I would call them "gss" and "gss-sec". Or possibly "gss-enc". I
think
that's a lot m
On May 1, 2007, at 1:33 PM, Tom Lane wrote:
Magnus Hagander <[EMAIL PROTECTED]> writes:
I would call them "gss" and "gss-sec". Or possibly "gss-enc". I think
that's a lot more clear than "gss-np" (something ending with -sec
is a
giveaway)
+1
If we settle on gss-np and gss-sec is that a
On May 1, 2007, at 1:16 AM, Magnus Hagander wrote:
Henry B. Hotz wrote:
OK, so posted. ;-)
Would you like a new version of the patch with the incomplete
functionality commented out (or otherwise removed)?
Yes please :-) I was going to try to do one of those myself, but since
you
here's no regression either.
On Apr 30, 2007, at 5:56 PM, Tom Lane wrote:
"Henry B. Hotz" <[EMAIL PROTECTED]> writes:
Don't you want to maintain some interoperability between 8.2 client/
server and 8.3 server/client at least?
Hm, you mean that what you called a C
of any platform
that supports the "native" Kerb5 API that doesn't also support GSSAPI
for the simple reason that a Kerberos-only version of GSSAPI has been
bundled with both the MIT and Heimdal distributions for as long as I
can remember.
On Apr 30, 2007, at 4:48 PM, To
to rip out the existing Kerb5 code.
On Apr 30, 2007, at 3:23 PM, Henry B. Hotz wrote:
OK, so posted. ;-)
To clarify for the larger audience: without the plain "gss"
mechanism, the "gss-np" mechanism provides exactly the same
functionality as the existing krb5 mecha
Postgres Java client have changed, and they
will be using MySQL instead. |-( Given what I've said here, I still
feel obligated to provide Java mods, but your timeline will affect mine.
Begin forwarded message:
From: Bruce Momjian <[EMAIL PROTECTED]>
Date: April 30, 2007 2:22:0
Would you like a krb5.h file for Solaris 9-10 that will allow you to
"break into" the "hidden" library?
Also S10u4 won't be out until this summer. I'd say the answer is
currently "no". It's known by Sun that Postgres will compile against
their Kerberos libraries though.
On Feb 23, 2007,
On Feb 23, 2007, at 1:24 PM, Joshua D. Drake wrote:
Henry Hotz: GSSAPI (with Magnus)
Progressing. Had hoped to have alpha patches by March 1, but I just
got handed a proposal that I have to do by then. I trust it's OK to
send the first version in next week?
No real issues, exc
Anyone making those kind of decisions probably wants a generic
"connection is encrypted" flag. It could be true if a GSSAPI
connection has negotiated use of a security layer.
Of course I don't have my GSSAPI patches working as well as the SASL
ones were yet, and I haven't started on adding
On Jan 29, 2007, at 9:49 AM, Magnus Hagander wrote:
Henry B. Hotz wrote:
Henry B. Hotz: GSSAPI authentication method for C (FE/BE) and
Java (FE).
Magnus Haglander: SSPI (GSSAPI compatible) authentication method
for C
(FE) on Windows.
(That fair Magnus? Or you want to volunteer for BE
tman/Public/kfw/gss/>. It's more places than
SASL is. Down side is it doesn't do much that the current Krb5 code
doesn't do.
Structurally the GSSAPI mods will be very similar to the SASL ones I
already did.
On Jan 26, 2007, at 7:16 PM, Stephen Frost wrote:
* Henry B.
Henry B. Hotz: GSSAPI authentication method for C (FE/BE) and Java
(FE).
Magnus Haglander: SSPI (GSSAPI compatible) authentication method for
C (FE) on Windows.
(That fair Magnus? Or you want to volunteer for BE support as well?)
GSSAPI isn't much more than a functional replacemen
On Nov 2, 2006, at 12:26 PM, Richard Troy wrote:
Well, there's simply no need. While I can agree that more could be
done,
I'm not convinced there's a need because what we have now works
fine. Let
me support my view by stating first that I perceive that combining the
conception of encrypting
On Nov 2, 2006, at 11:04 AM, Martijn van Oosterhout wrote:
On Thu, Nov 02, 2006 at 10:45:24AM -0800, Henry B. Hotz wrote:
In my case I have good control over the Kerberos infrastructure, but
none over the Federal PKI infrastructure. I also want the data
channel encryption tied to the client
Sorry about the premature send.
On Nov 2, 2006, at 1:18 AM, Magnus Hagander wrote:
* Henry B. Hotz ([EMAIL PROTECTED]) wrote:
I've been looking at adding SASL or GSSAPI as an auth
method. I have
some questions about how to handle the flow of control changes.
Great! I'd love t
On Nov 2, 2006, at 1:18 AM, Magnus Hagander wrote:
* Henry B. Hotz ([EMAIL PROTECTED]) wrote:
I've been looking at adding SASL or GSSAPI as an auth
method. I have
some questions about how to handle the flow of control changes.
Great! I'd love to see that implemented, persona
On Nov 1, 2006, at 6:33 AM, Stephen Frost wrote:
* Henry B. Hotz ([EMAIL PROTECTED]) wrote:
I've been looking at adding SASL or GSSAPI as an auth method. I have
some questions about how to handle the flow of control changes.
Great! I'd love to see that implemented, persona
On Oct 31, 2006, at 8:34 PM, Tom Lane wrote:
"Henry B. Hotz" <[EMAIL PROTECTED]> writes:
I notice that all the
authentication (pg_fe_sendauth()) is done inside PWConnectPoll(),
which sounds like something that isn't expected to block on network
access.
That's
I've been looking at adding SASL or GSSAPI as an auth method. I have
some questions about how to handle the flow of control changes.
When you do one of the above, an authentication is not (necessarily)
a simple one-packet exchange. In fact the exchange may involve
trying several different
On Sep 29, 2006, at 12:31 AM, Magnus Hagander wrote:
However, that doesn't change that some people would like us to
support
GSSAPI, and there may be some benefit (additional applications,
better
network authentication, etc.) for doing so. If we can get
additional
programmers to code the
On Sep 28, 2006, at 9:35 PM, Tom Lane wrote:
"Joshua D. Drake" <[EMAIL PROTECTED]> writes:
Is there any reason why we haven't built a generic authentication
API?
Something like PAM, except cross platform?
We're database geeks, not security/crypto/authentication geeks. What
makes you think
On Sep 28, 2006, at 3:01 PM, Josh Berkus wrote:
Kris,
I would if we could get some -hackers buy in on the idea. Adding
more and more auth methods is something they're not excited about
unless there's a good reason (which I think this is).
Actually, I've been trying to get some of the Sun e
On Sep 28, 2006, at 3:03 PM, Josh Berkus wrote:
Tom,
It would depend in part on the size of the patch, and on whether
there
are any arguments for supporting GSSAPI besides "Java can't do
Kerberos".
What would it buy for a libpq user?
According to the Solaris Security engineers, GSSAPI is mo
I cc'ed Tom Lockhart because he *used* to be core, and I know where
he works. No response expected.
On Sep 28, 2006, at 2:11 PM, Magnus Hagander wrote:
f) SASL support is available in current Java as well as C.
SASL libraries are included (or at least loadable) on MacOS,
Solaris 10+, and Lin
On Sep 28, 2006, at 2:24 PM, Tom Lane wrote:
"Magnus Hagander" <[EMAIL PROTECTED]> writes:
As for the other part - will core accept this - I can't answer that.
It would depend in part on the size of the patch, and on whether there
are any arguments for supporting GSSAPI besides "Java can't d
On Sep 28, 2006, at 12:42 PM, Magnus Hagander wrote:
2) If I were willing to add a GSSAPI or SASL layer as an
alternative to the bare Krb 5 support would anyone be willing
to help with the supporting mods to the pg_hba.conf parsing,
and configure?
Sure, I can help out with that. I've done a b
There's an old post from Phil about having GSSAPI support "almost
working" with PostgreSQL. I'd like to ask him about his work, but
the email link in the archives doesn't work.
The opinions expressed in this messag
On Sep 28, 2006, at 10:52 AM, Kris Jurka wrote:
On Thu, 28 Sep 2006, Henry B. Hotz wrote:
It appears that the JDBC client doesn't include the Kerberos
support that the C clients do.
Java doesn't have accessible Kerberos support. It wraps Kerberos
in GSSAPI which requires
It appears that the JDBC client doesn't include the Kerberos support
that the C clients do.
So, two questions:
1) Is there an alternative JDBC client that's just a glue layer
instead of a complete re-implementation?
2) If I were willing to add a GSSAPI or SASL layer as an alternative
to
d copyfuncs.c.
Any comments or advices would be appreciated.
Henry
---(end of broadcast)---
TIP 8: explain analyze is your friend
nd copyfuncs.c
Do I miss anything? Could anyone give me your advices on the
implementation?
Thanks.
Henry
---(end of broadcast)---
TIP 6: Have you searched our list archives?
http://archives.postgresql.org
s it comes out of the de objectTypeOut
function),
but the type casted getObject() method fails (I tried the type mapping
in different ways, but no one seem to work).
Thanks in advance for any tip.
Jean
Jean-Henry Berevoescu wrote:
Hi,
I am trying to create complex user-defined base types and
comes out of the de objectTypeOut
function),
but the type casted getObject() method fails (I tried the type mapping
in different ways, but no one seem to work).
Thanks in advance for any tip.
Jean
Jean-Henry Berevoescu wrote:
Hi,
I am trying to create complex user-defined base types and
Hi,
I am trying to create complex user-defined base types and have some
difficulties.
I started with the examples (complex, point, path) and I had no problem
at all
creating similar user-defined types, with fixed or variable length. They
perform very good in all my tests (inserts, selects and s
At 10:45 AM -0400 10/9/03, Bruce Momjian wrote:
Neil Conway wrote:
On Thu, 2003-10-09 at 09:35, Bruce Momjian wrote:
> I only put back what was already there --- not sure why others don't use
> it. You want it enabled on Linux?
Well, why do we have it enabled at all? If it's to speed compilati
At 1:51 PM -0500 11/20/02, Tom Lane wrote:
Patrick Welche <[EMAIL PROTECTED]> writes:
On Wed, Nov 20, 2002 at 01:21:47PM -0500, Tom Lane wrote:
Ah-hah, so it is a version issue --- we could make the resultmap line
something like
geometry/.*-netbsd1.[0-5]=geometry-positive-zeros
NetBSD/i3
At 1:15 AM -0500 11/20/02, Tom Lane wrote:
Bruce Momjian <[EMAIL PROTECTED]> writes:
Tom, can you clarify why -0 is valid.
The IEEE spec absolutely thinks that -0 and +0 are distinct entities.
I don't remember why, at one in the morning ... but if you insist I'm
sure that plenty sufficient num
At 1:50 AM -0400 4/6/01, Tom Lane wrote:
>"Henry B. Hotz" <[EMAIL PROTECTED]> writes:
> > Bottom line: 7.1RC1 passes most of the regression tests on
> > NetBSD/macppc.
>
>The only thing that surprised me here was all of the warnings from
>libreadline c
Bottom line: 7.1RC1 passes most of the regression tests on
NetBSD/macppc. It's probably good enough for normal use since the
differences are not extensive, but someone would need to look at the
diff's for longer than the 10 seconds or so I've spent so far, and
someone should actually set it
gt;At 5:14 PM + 3/26/01, Thomas Lockhart wrote:
>>NetBSD m68k 7.0 2000-04-10, Henry B. Hotz
>
>I no longer have a 68k machine that's fast enough to reasonably test
>PG on. I have a IIcx that sometimes serves as a router, but I'm
>using some second-generation p
>
> en_GB would be a "British English" translation. I don't think this is
> what you wanted to do.
>
cn_GB, sorry. :-D
Regards
Laser Henry
---(end of broadcast)---
TIP 2: you can get off all lists at once with the u
At 5:14 PM + 3/26/01, Thomas Lockhart wrote:
>NetBSD m68k7.0 2000-04-10, Henry B. Hotz
I no longer have a 68k machine that's fast enough to reasonably test
PG on. I have a IIcx that sometimes serves as a router, but I'm
using some second-generation powermac's
f some software package, I still can't
generate other format (html, ps etc.) on my machine after upgrade to 7.1,
but the old Makefile is ok. don't know why, if put up there, then you can
generate other format without problem.
Thanks & Regards
Laser Henry
--
>
> > appropriate. There are several encodings for Chinese including
> > GB(EUC-CN), Big5, EUC-TW. At least we should be able to distinguish
> > them. What about "chinese(GB)" or whatever?
>
> Renamed to chinese-gb.
>
I think chinese-gb is ok, thanks!
Regards
Laser
Hi all:
The attachement is the Chinese (GB) patch for PgAccess, don't know
if it's correct to post here.
It's simple to do the translation, And I've test in 7.0.2 & current CVS,
seems pretty good.
If anyone want this little thing, I'll very happy.
use it is very simple, just gunzip it and copy
63 matches
Mail list logo