* Magnus Hagander (magnus@hagander.net) wrote:
> The maintenance part of me suggesting getting rid of krb5 is the
> smallest one. It being a non-standard protocol is more important, and
> the fact that the exchange breaks the libpq protocol and is not
> protected by SSL is the big reason.
Erm, it doesn't need to be protected by SSL? Breaking the libpq
protocol does kind of suck. I assume you're not requiring SSL for the
GSSAPI stuff...
Thanks,
Stephen