Just the SSPI piece. Right now we run a mixture of PostgreSQL and SQL Server and the one fustrating thing is that we have to have separate security architectures for them. The SQL Server environment is nice because it allows SSPI and eliminates the need to pass around passwords everywhere.
In the postgres environment, we've worked around that by "Trusting" the postgres user from certain locked down and protected IP addresses so that we don't need to store passwords but that would never win any security awards. :) SSPI will enable us to create services that run as that registered user and as long as that user can obtain an authenticated kerb ticket, we can ensure that are the user they say they are. Much nicer model... Looking forward to this release. When will it be available? Paul -----Original Message----- From: Magnus Hagander [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 18, 2007 6:42 AM To: Paul Silveira Cc: pgsql-hackers@postgresql.org Subject: Re: [HACKERS] SSPI authentication On Tue, Jul 17, 2007 at 11:00:35AM -0700, Paul Silveira wrote: > > This is great. I've worked on 2 projects in the last year that desperately > needed this. It will certainly make the security model more seamless... Thanks for letting us know. Are you interested in just the SSPI parts, or also in being able to use both SSPI and GSSAPI at the same time? //Magnus ---------------------------(end of broadcast)--------------------------- TIP 3: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq
