On 25/03/13 15:17, Stephen Frost wrote:
Tim,
* Tim Watts (tim.j.watts@xxxxxxxxx) wrote:
I presume the protocol does not allow the server to send a succession of
"Type: Authentication request" packets with different Authentication
types until it deems that one is acceptable?
Even if it did, existing clients would very likely be confused by it..
To be honest, I don't have a solution in mind for how to make this
happen, I was really just pointing out that there's a difference between
"we won't do that because we don't trust the sysadmin" and "that's not
an option due to how the system works today".
No no - fully understood :)
I appreciate the candid and reasoned arguments :)
I wish I could help - but I more of a sysamdin and less of a developer.
But it is *very* helpful to know that something *is not possible* and
*is likely to not be possible for a long time, if ever*. That allows me
as a humble user of the software to plan deployment :)
Perhaps one option would
be to look at the Negotiate protocol which mod_auth_kerb and friends use
and perhaps have that as an explicitly new auth mechanism. A server set
up to provide that would, of course, have to consider if its users
supported it or not but that's true already- you can have situation
already though, a given client might not support gssapi, for example.
A "negotiate" option would be very cool. I will expect nothing (on the
basis it's free software, I have no rights ;-> ).
Save to say I think Postgresql is very cool already and has been for the
last 12 years I've been using it...
All the best,
Tim
--
Tim Watts Tel (VOIP): +44 (0)1580 848360
Systems Manager Digital Humanities, King's College London
Systems Messages and Notifications: https://systemsblog.cch.kcl.ac.uk/
Personal Blog: http://squiddy.blog.dionic.net/
"She got her looks from her father. He's a plastic surgeon."
--
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
