Kerberos authentication in PostgreSQL
Sam Hartman
hartmans at MIT.EDU
Wed Oct 30 13:39:54 EST 2002
>>>>> "Steve" == Steve Langasek <vorlon at dodds.net> writes:
Steve> Does the Kerberos support in Postgres represent appropriate
Steve> groundwork for proper Kerberos authentication, or is it
Steve> another cleartext-password-proxy approach to Kerberos like
Steve> pam_krb5?
Not really. It calls sendauth and that's it. Doesn't even
authenticate the postgres username.
Since postgres actually supports stream encryption these days it
shouldn't be too hard to implement GSSAPI, SASL or krb_priv though. I
suspect you'd use very little of the existing code.
More information about the Kerberos
mailing list