| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Spurious Kerberos error messages |
| Date: | 2008-11-09 17:30:39 |
| Message-ID: | 49171E3F.6060406@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Magnus Hagander <magnus(at)hagander(dot)net> writes:
>
>> Another option would be not to call the kerberos code there at all. All
>> other authentication methods that take the userid externally (gssapi,
>> sspi, ident) require the user to specify the name to connect as if it's
>> different from the one in the operating system. I think that's a very
>> uncommon scenario in any case - almost everybody will be using whatever
>> userid is used in the system, when using Kerberos.
>>
>
> Hmm, that's an interesting alternative. I like it because it takes away
> some useless connection-startup overhead in the common case where you're
> using a Kerberos-enabled library but Kerberos isn't set up on the system.
>
>
+1. Anything that reduces connection overhead is a definite plus.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Decibel! | 2008-11-09 17:31:24 | Re: [PATCH] Recreate Missing WAL Directories (from TODO) |
| Previous Message | Magnus Hagander | 2008-11-09 17:18:21 | Re: Spurious Kerberos error messages |