Обсуждение: State of Kerberos v4 support

Поиск
Список
Период
Сортировка

State of Kerberos v4 support

От
"Magnus Hagander"
Дата:
I'm working over the "kerberos service principal name" patch that's in
the queue to make it good enough for application. During which I noticed
it touches both kerberos 4 and kerberos 5 code, which leads me to two
questions:

1) Does anybody actually use Kerberos v4? Considering it's been declared
dead long ago, is considered insecure, and the latest release my MIT was
sometime back in 1996, and they've declared it officially dead (in
favour of Kerberos v5).

2) It has been deprecated in PostgreSQL since version 7.4. Is it perhaps
time to rip it out?

The main reason I'm asking is that I'm unable to test anything that I do
in that part of the code, so I either need somebody to help me with
that, we rip it, or I code without testing...

//Magnus

Re: State of Kerberos v4 support

От
Tom Lane
Дата:
"Magnus Hagander" <mha@sollentuna.net> writes:
> 1) Does anybody actually use Kerberos v4?

The last time it was proposed that we remove it, somebody popped up and
said they were still using it.  You could check the archives and try to
contact that person for help in testing.

If there's no one willing to help test that it still works, then I'd
say it's time to rip it out ...
        regards, tom lane

Re: State of Kerberos v4 support

От
Kenneth Marshall
Дата:
On Fri, May 06, 2005 at 05:00:36PM +0200, Magnus Hagander wrote:
> I'm working over the "kerberos service principal name" patch that's in
> the queue to make it good enough for application. During which I noticed
> it touches both kerberos 4 and kerberos 5 code, which leads me to two
> questions:
> 
> 1) Does anybody actually use Kerberos v4? Considering it's been declared
> dead long ago, is considered insecure, and the latest release my MIT was
> sometime back in 1996, and they've declared it officially dead (in
> favour of Kerberos v5).
> 
> 2) It has been deprecated in PostgreSQL since version 7.4. Is it perhaps
> time to rip it out?
> 
> The main reason I'm asking is that I'm unable to test anything that I do
> in that part of the code, so I either need somebody to help me with
> that, we rip it, or I code without testing...
> 

I vote for ditching the Kerberos v4 support completely.

Ken