From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Robbie Harwood <rharwood(at)redhat(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Joe Conway <mail(at)joeconway(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, David Steele <david(at)pgmasters(dot)net>, Michael Paquier <michael(at)paquier(dot)xyz>, Nico Williams <nico(at)cryptonector(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [PATCH v20] GSSAPI encryption support |
Date: | 2019-04-11 13:58:54 |
Message-ID: | CABUevExwCmq5OmqXX-VUxGBPW2XiHpO4O4f9nsO_QjUfwxzoKw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, Apr 11, 2019 at 3:56 PM Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Wed, Apr 10, 2019 at 9:47 PM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > Right, if we changed the name of the auth method then everyone who is
> > using the "gss" auth method would have to update their pg_hba.conf
> > files... That would be very ugly. Also, it wasn't implicitly rejected,
> > it was discussed up-thread (see the comments between Magnus and I,
> > specifically, quoted above- "that ship sailed *years* ago") and
> > explicitly rejected.
>
> Slightly off-topic, but I am not familiar with GSSAPI and don't quite
> understand what the benefits of GSSAPI encryption are as compared with
> OpenSSL encryption. I am sure there must be some; otherwise, nobody
> would have bothered writing, reviewing, and committing this patch.
> Can somebody enlighten me?
>
You don't need to set up an SSL PKI.
Yes you need the similar keys and stuff set up for GSSAPI, but if you
already *have* those (which you do if you are using gss authentication for
example) then it's a lot less extra overhead.
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2019-04-11 14:01:02 | Re: Zedstore - compressed in-core columnar storage |
Previous Message | Robert Haas | 2019-04-11 13:56:37 | Re: [PATCH v20] GSSAPI encryption support |