> > * Henry B. Hotz ([EMAIL PROTECTED]) wrote: > >> I've been looking at adding SASL or GSSAPI as an auth > method. I have > >> some questions about how to handle the flow of control changes. > > > > Great! I'd love to see that implemented, personally, so if you're > > looking for help, please let me know. > > Thank you. I will! ;-) > > Do you know Java? I'm doing this ultimately because I want > the JDBC driver to support encrypted connections with > Kerberos and without needing SSL. As an added plus a > Windows-native client should support it.
Interesting, I thought you were going for the authentication only. What's the real gain in doing Kerberos encryption over SSL encryption? Doesn't Java come with SSL support anyway these days? > My main hesitation between SASL and GSSAPI is that the > Windows equivalent APIs for SASL have not received the same > degree of interoperability testing as SSPI<-->GSSAPI. I > don't have a published example to crib from. For general > information the relevant calls are at the bottom of > <http://msdn.microsoft.com/library/default.asp?url=/ > library/en-us/secauthn/security/authentication_functions.asp>. One reason for this could be that they appear to be available only on server platforms, and not on cilents, if you look at the documentation. That said, I have the DLL file and the export functions on my XP machine, so it's definitly present there - I'm unsure if it *works* or is supported. My registry does indicate that I have the GSSAPI profile for SASL, which would be an indication that it should. //Magnus ---------------------------(end of broadcast)--------------------------- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq
