| From: | Sean Chittenden <sean(at)chittenden(dot)org> |
|---|---|
| To: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Joe Conway <mail(at)joeconway(dot)com>, "Hackers (PostgreSQL)" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: compile error on cvs tip |
| Date: | 2003-08-17 05:50:40 |
| Message-ID: | 20030817055040.GB70920@perrin.int.nxad.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> > > > auth.c: In function `pg_krb5_recvauth':
> > > > auth.c:294: structure has no member named `user'
> > >
> > > Ooops, my fault --- I didn't build with Kerberos support after
> > > changing those field names.
> > >
> > > Now that I think about it, there might be similar omissions in the
> > > PAM or Kerberos4 support --- can anyone try those?
> >
> > krb4 code should be removed from PostgreSQL ASAP for various
> > insecurities in the protocol. It's been removed from FreeBSD, MIT,
> > and Heimdal's code base and is officially unsupported as of June this
> > year. -sc
>
> I have added the following to our documentation in the Kerberos section:
>
> <para>
> While <productname>PostgreSQL</> supports both Kerberos 4 and
> Kerberos 5, only Kerberos 5 is recommended. Kerberos 4 is
> considered insecure and no longer recommended for general
> use.
> </para>
iirc, we were going to depreciate kerberos 4 in the 7.4 release notes
and remove support for it for 7.5, giving users one full release cycle
to move to krb5.
There any plans to include the appropriate verbiage to allow for krb4's
future deorbit?
-sc
--
Sean Chittenden
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andreas Pflug | 2003-08-17 09:17:54 | Re: Stuff that doesn't work yet in IPv6 patch |
| Previous Message | Sean Chittenden | 2003-08-17 05:48:16 | Re: [HACKERS] Are we losing momentum? |