On Wed, Apr 10, 2019 at 9:47 PM Stephen Frost <sfrost@snowman.net> wrote:
> Right, if we changed the name of the auth method then everyone who is
> using the "gss" auth method would have to update their pg_hba.conf
> files... That would be very ugly. Also, it wasn't implicitly rejected,
> it was discussed up-thread (see the comments between Magnus and I,
> specifically, quoted above- "that ship sailed *years* ago") and
> explicitly rejected.

Slightly off-topic, but I am not familiar with GSSAPI and don't quite understand what the benefits of GSSAPI encryption are as compared with OpenSSL encryption. I am sure there must be some; otherwise, nobody would have bothered writing, reviewing, and committing this patch. Can somebody enlighten me?
You don't need to set up an SSL PKI.
Yes, you need similar keys and stuff set up for GSSAPI, but if you already *have* those (which you do if you are using gss authentication, for example) then it's a lot less extra overhead.