Re: Kerberos v5 support
| От | Peter Eisentraut |
|---|---|
| Тема | Re: Kerberos v5 support |
| Дата | |
| Msg-id | Pine.LNX.4.21.0011061936080.776-100000@peter.localdomain обсуждение исходный текст |
| Ответ на | Kerberos v5 support (Garrett Wollman <wollman@khavrinen.lcs.mit.edu>) |
| Список | pgsql-patches |
Garrett Wollman writes: > Enclosed please find a set of patches, relative to 7.0.2, which will > result in Kerberos v5 support which both compiles and works (as in, > I've successfully authenticated as a remote client). The 7.0 series is not so interesting at this point but you might have a few days yet to get stuff into 7.1. :) (Especially stuff that's #ifdef KRB5 ought to be safe.) 'configure' support for Kerberos (and OpenSSL) has been implemented meanwhile. > local all trust > host all 0.0.0.0 0.0.0.0 krb5 > > However, that `trust' is tempered by changes to the startup scripts > (not included here) which force the local-domain socket to mode 600, We also got that in 7.1-to-be, even without race conditions. :) > You can see from some of the comments that I'd like this to be made > stronger in a number of ways. This patch set simply gets pgsql up to > the minimum acceptable level of security for our environment and > application. Well, not a lot of people really know and use the Kerberos support, so anything that can be done to improve it should be okay. Some better documentation would also be appreciated. :) -- Peter Eisentraut peter_e@gmx.net http://yi.org/peter-e/
В списке pgsql-patches по дате отправления: