Stephen Frost wrote:
> * Magnus Hagander (magnus@hagander.net) wrote:
>> The maintenance part of me suggesting getting rid of krb5 is the
>> smallest one. It being a non-standard protocol is more important, and
>> the fact that the exchange breaks the libpq protocol and is not
>> protected by SSL is the big reason.
>
> Erm, it doesn't need to be protected by SSL? Breaking the libpq
> protocol does kind of suck. I assume you're not requiring SSL for the
> GSSAPI stuff...
No, no requirement. But you would certainly expect it to use it if you
have SSL on the connection.
//Magnus