Re: Preliminary GSSAPI Patches
| От | Tom Lane |
|---|---|
| Тема | Re: Preliminary GSSAPI Patches |
| Дата | |
| Msg-id | 19293.1192035992@sss.pgh.pa.us обсуждение |
| Ответ на | Re: Preliminary GSSAPI Patches ("Henry B. Hotz" <hbhotz@oxy.edu>) |
| Ответы |
Re: Preliminary GSSAPI Patches
|
| Список | pgsql-patches |
"Henry B. Hotz" <hbhotz@oxy.edu> writes:
> You know, I don't know what I was thinking when I sent this. My
> apologies for the late correction.
>
> Anyone who has a copy of the "host" keys for a machine can
> manufacture kerberos tickets for the "host" service on that machine
> masquerading as absolutely anyone (including people who don't
> exist). Same for the "postgres" keys, and if the postgres server can
> steal the host keys (or vice versa) then it's even worse.
> [snip...]
Maybe I'm too dense, but I don't see a conclusion here. Do we need to
change our code, our docs, both, or neither?
regards, tom lane
В списке pgsql-patches по дате отправления: