On Wed, Jul 18, 2007 at 10:46:58AM -0400, Tom Lane wrote:
> Magnus Hagander <magnus@hagander.net> writes:
> > But sure, we might leave it in there until there's a direct problem with it
> > (other than the ones we already know). Can I still get my deprecation of it
> > though? ;-)
>
> In the krb4 case, we left it in there until there was very little
> probability anyone was using it anymore, and AFAIR there was no
> significant maintenance burden from that. I don't see a reason to be
> harsher on the krb5 case.
>
> The real problem in my mind is this business of the gssapi and krb5
> support being mutually exclusive. That is going to cause tremendous
> pain because there won't be any convenient upgrade path. Particularly
> not for users of binary packages (RPMs etc) --- they'll be screwed
> if their packager changes, and have no way to upgrade if he doesn't.
> This needs to be fixed.
Non, GSSAPI and krb5 are *not* mutually exclusive.
SSPI and GSSAPI are mutually exclusive.
You can use krb5 and GSSAPI or krb5 and SSPI just fine.
//Magnus