Kerberos authentication in PostgreSQL

Steve Langasek vorlon at dodds.net
Wed Oct 30 13:36:36 EST 2002


On Wed, Oct 30, 2002 at 12:27:38PM -0500, Sam Hartman wrote:
> >>>>> "Arunvijai" == Arunvijai  <arunvijai at yahoo.com> writes:

>     Arunvijai> Hi Guys, Please help me to configure and run
>     Arunvijai> Postgresql7.x.x Authentication with Kerberos
>     Arunvijai> Authentication method.  The Starting of Kerberos under
>     Arunvijai> RHL7.3 seems to be very hard.  Please send your views
>     Arunvijai> to my mail address.

> Please do not use the Kerberos authentication in Postgres.  It is
> quite insecure.  It does not authenticate both sides of the
> connection.  It provides no data protection so it is vulnerable to
> man-in-the-middle and connection hijacking.

Pah, people go and get my hopes up, and then someone has to go and bring
*security* into the mix... :)

Does the Kerberos support in Postgres represent appropriate groundwork for
proper Kerberos authentication, or is it another cleartext-password-proxy
approach to Kerberos like pam_krb5?

Steve Langasek
postmodern programmer


