Re: Postgresql 8.4 GSSAPI auth with fallback to password prompting?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim,

* Tim Watts (tim.j.watts@xxxxxxxxx) wrote:
> I presume the protocol does not allow the server to send a succession of
> "Type: Authentication request" packets with different Authentication
> types until it deems that one is acceptable?

Even if it did, existing clients would very likely be confused by it..

To be honest, I don't have a solution in mind for how to make this
happen, I was really just pointing out that there's a difference between
"we won't do that because we don't trust the sysadmin" and "that's not
an option due to how the system works today".  Perhaps one option would
be to look at the Negotiate protocol which mod_auth_kerb and friends use
and perhaps have that as an explicitly new auth mechanism.  A server set
up to provide that would, of course, have to consider if its users
supported it or not but that's true already- you can have situation
already though, a given client might not support gssapi, for example.

	Thanks,

		Stephen

Attachment: signature.asc
Description: Digital signature


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux