Now that we have working GSSAPI authentication, I'd like to see the following done:
* Deprecate krb5 authentication in 8.3. At least in documentation, possibly with a warning when loading pg_hba.conf? * Remove krb5 authenticatino completely in 8.4. The reasons for this is: * krb5 auth doesn't do anything that gssapi doesn't. * krb5 authentication doesn't follow a published standard. It follows API examples from MIT later copied by Heimdal, but there is no documented standard. * krb5 authentication operates directly on the socket and as such violates the libpq protocol. This means it's not protected by SSL if you have SSL on your connection, and that it may misbehave with async sockets. This was actually on the agenda when we first talked about doig gssapi, but now that we have it it's time to bring it up again... Comments? //Magnus ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly