Tom Lane wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>
>> Another option would be not to call the kerberos code there at all. All
>> other authentication methods that take the userid externally (gssapi,
>> sspi, ident) require the user to specify the name to connect as if it's
>> different from the one in the operating system. I think that's a very
>> uncommon scenario in any case - almost everybody will be using whatever
>> userid is used in the system, when using Kerberos.
>>
>
> Hmm, that's an interesting alternative. I like it because it takes away
> some useless connection-startup overhead in the common case where you're
> using a Kerberos-enabled library but Kerberos isn't set up on the system.
>
>
+1. Anything that reduces connection overhead is a definite plus.
cheers
andrew