Re: Time to drop RADIUS support?
| От | Aleksander Alekseev |
|---|---|
| Тема | Re: Time to drop RADIUS support? |
| Дата | |
| Msg-id | CAJ7c6TNS5TrAvEo343LDqWZ48J_yhSKOZ0ez0V-_feJmwFeeMw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Time to drop RADIUS support? (Thomas Munro <thomas.munro@gmail.com>) |
| Список | pgsql-hackers |
Hi, > 3. That mitigation would help, but in the end it's still leaky > obfuscation of credentials + MD5-based technology that is being > formally deprecated with a mandated replacement[2], and de facto has > been for a long time. > > The real recommendation of the paper was "don't use RADIUS/UDP at > all", and I don't want to expend energy writing a RADIUS/TLS client > for a hypothetical user, so I think we should just delete it all, and > stick a deprecation notice in the release branch documentation, as > attached. That'd also mean our Windows select() and non-thread-safe > UDP kludges can be VACUUMed. All things considered, it sounds perfectly reasonable. +1. -- Best regards, Aleksander Alekseev
В списке pgsql-hackers по дате отправления: