Re: [HACKERS] Deprecations in authentication

On Sat, Jan 18, 2014 at 2:59 PM, Andrew Dunstan wrote: > > On 01/16/2014 08:01 AM, Magnus Hagander wrote: >> >> >> On Wed, Jan 15, 2014 at 6:57 PM, Tom Lane > > wrote: >> >> Magnus Hagander mailto:mag...@hagander.net>> >> >> writes: >> > One thing I noticed -

Re: [HACKERS] Deprecations in authentication

On Sat, Jan 18, 2014 at 3:59 PM, Andrew Dunstan wrote: > > On 01/16/2014 08:01 AM, Magnus Hagander wrote: > >> >> On Wed, Jan 15, 2014 at 6:57 PM, Tom Lane > t...@sss.pgh.pa.us>> wrote: >> >> Magnus Hagander mailto:mag...@hagander.net>> >> >> writes: >> > One thing I noticed - in MSVC

Re: [HACKERS] Deprecations in authentication

On 01/16/2014 08:01 AM, Magnus Hagander wrote: On Wed, Jan 15, 2014 at 6:57 PM, Tom Lane > wrote: Magnus Hagander mailto:mag...@hagander.net>> writes: > One thing I noticed - in MSVC, the config parameter "krb5" (equivalent of > the removed --wit

Re: [HACKERS] Deprecations in authentication

On Wed, Jan 15, 2014 at 6:57 PM, Tom Lane wrote: > Magnus Hagander writes: > > One thing I noticed - in MSVC, the config parameter "krb5" (equivalent of > > the removed --with-krb5) enabled *both* krb5 and gssapi, and there is no > > separate config parameter for gssapi. Do we want to rename tha

Re: [HACKERS] Deprecations in authentication

Magnus Hagander writes: > One thing I noticed - in MSVC, the config parameter "krb5" (equivalent of > the removed --with-krb5) enabled *both* krb5 and gssapi, and there is no > separate config parameter for gssapi. Do we want to rename that one to > "gss", or do we want to keep it as "krb5"? Renam

Re: [HACKERS] Deprecations in authentication

On Sat, Jan 11, 2014 at 9:45 PM, Peter Eisentraut wrote: > On Thu, 2013-10-24 at 20:37 +0200, Magnus Hagander wrote: > > On Thu, Oct 24, 2013 at 8:35 PM, Peter Eisentraut > > wrote: > > > On 10/18/12, 7:20 AM, Magnus Hagander wrote: > > >> 1. krb5 authentication. We've had gssapi since 8.3 (whic

Re: [HACKERS] Deprecations in authentication

On Thu, 2013-10-24 at 20:37 +0200, Magnus Hagander wrote: > On Thu, Oct 24, 2013 at 8:35 PM, Peter Eisentraut > wrote: > > On 10/18/12, 7:20 AM, Magnus Hagander wrote: > >> 1. krb5 authentication. We've had gssapi since 8.3 (which means in > all > >> supported versions). krb5 has been deprecated,

Re: [HACKERS] Deprecations in authentication

On 10/24/13, 2:37 PM, Magnus Hagander wrote: > They're not causing compiler warnings when you just build with gssapi, > correct? Only if you enable the native krb5? Well, actually I was just about to reply that gssapi is also deprecated. They want you to use some framework instead. That's someth

Re: [HACKERS] Deprecations in authentication

On Thu, Oct 24, 2013 at 8:35 PM, Peter Eisentraut wrote: > On 10/18/12, 7:20 AM, Magnus Hagander wrote: >> 1. krb5 authentication. We've had gssapi since 8.3 (which means in all >> supported versions). krb5 has been deprecated, also since 8.3. Time to >> remove it? > > OS X Mavericks has now marke

Re: [HACKERS] Deprecations in authentication

On 10/18/12, 7:20 AM, Magnus Hagander wrote: > 1. krb5 authentication. We've had gssapi since 8.3 (which means in all > supported versions). krb5 has been deprecated, also since 8.3. Time to > remove it? OS X Mavericks has now marked just about everything in krb5.h as deprecated, leading to compil

Re: [HACKERS] Deprecations in authentication

On 11/05/2012 04:54 PM, Magnus Hagander wrote: On Mon, Nov 5, 2012 at 10:21 PM, Andrew Dunstan > wrote: On 11/05/2012 01:53 PM, Magnus Hagander wrote: On Mon, Nov 5, 2012 at 7:50 PM, Andrew Dunstan mailto:and...@dunslane.net>

Re: [HACKERS] Deprecations in authentication

On Mon, Nov 5, 2012 at 10:21 PM, Andrew Dunstan wrote: > > On 11/05/2012 01:53 PM, Magnus Hagander wrote: > > >> On Mon, Nov 5, 2012 at 7:50 PM, Andrew Dunstan > and...@dunslane.net>> wrote: >> >> >> On 11/05/2012 12:13 PM, Magnus Hagander wrote: >> >> >> >> >> http://www.pgbuildfarm

Re: [HACKERS] Deprecations in authentication

On 11/05/2012 01:53 PM, Magnus Hagander wrote: On Mon, Nov 5, 2012 at 7:50 PM, Andrew Dunstan > wrote: On 11/05/2012 12:13 PM, Magnus Hagander wrote: http://www.pgbuildfarm.org/cgi-bin/show_status.pl ...it seems there are LOTS of machin

Re: [HACKERS] Deprecations in authentication

On Mon, Nov 5, 2012 at 7:50 PM, Andrew Dunstan wrote: > > On 11/05/2012 12:13 PM, Magnus Hagander wrote: > >> >> >> >> http://www.pgbuildfarm.org/**cgi-bin/show_status.pl >> >> ...it seems there are LOTS of machines building with krb5, a

Re: [HACKERS] Deprecations in authentication

On 11/05/2012 12:13 PM, Magnus Hagander wrote: http://www.pgbuildfarm.org/cgi-bin/show_status.pl ...it seems there are LOTS of machines building with krb5, and NONE with gssapi. AFAICS there is no icon for gssapi. So your first statement is correct, but the second one isn't.

Re: [HACKERS] Deprecations in authentication

On 11/5/12 12:13 PM, Magnus Hagander wrote: > AFAICS there is no icon for gssapi. So your first statement is correct, > but the second one isn't. Yeah, for example it's used here: http://buildfarm.postgresql.org/cgi-bin/show_log.pl?nm=smew&dt=2012-11-02%2011%3A38%3A04 -- Sent via pgsql-hackers

Re: [HACKERS] Deprecations in authentication

On Mon, Nov 5, 2012 at 6:10 PM, Robert Haas wrote: > On Mon, Nov 5, 2012 at 9:57 AM, Stephen Frost wrote: > > Magnus, > > > > * Magnus Hagander (mag...@hagander.net) wrote: > >> I have no idea what platform that would be. Both the standard > >> implementations of krb5 have supported gssapi since

Re: [HACKERS] Deprecations in authentication

On Mon, Nov 5, 2012 at 9:57 AM, Stephen Frost wrote: > Magnus, > > * Magnus Hagander (mag...@hagander.net) wrote: >> I have no idea what platform that would be. Both the standard >> implementations of krb5 have supported gssapi since forever. The only >> nonstandard environment we support there is

Re: [HACKERS] Deprecations in authentication

Magnus, * Magnus Hagander (mag...@hagander.net) wrote: > I have no idea what platform that would be. Both the standard > implementations of krb5 have supported gssapi since forever. The only > nonstandard environment we support there is Windows, and that one *only* > has support for GSSAPI/SSPI.

Re: [HACKERS] Deprecations in authentication

On Mon, Oct 22, 2012 at 4:24 PM, Stephen Frost wrote: > Magnus, all, > > * Magnus Hagander (mag...@hagander.net) wrote: > > On Thu, Oct 18, 2012 at 5:59 PM, Robert Haas > wrote: > > > That seems like a sufficiently long deprecation window, but is gssapi > > > a full substitute for krb5? I don't

Re: [HACKERS] Deprecations in authentication

Magnus, all, * Magnus Hagander (mag...@hagander.net) wrote: > On Thu, Oct 18, 2012 at 5:59 PM, Robert Haas wrote: > > That seems like a sufficiently long deprecation window, but is gssapi > > a full substitute for krb5? I don't really have a strong opinion on > > this, not being a user myself. >

Re: [HACKERS] Deprecations in authentication

On Thu, Oct 18, 2012 at 5:59 PM, Robert Haas wrote: > On Thu, Oct 18, 2012 at 7:20 AM, Magnus Hagander wrote: >> Since Simon stirred up a hornets nest suggesting deprecation of a >> number of features, I figured I'd take it one step further and suggest >> removal of some previously deprecated fea

Re: [HACKERS] Deprecations in authentication

On Thu, 2012-10-18 at 12:38 -0400, Tom Lane wrote: > I think the argument that it causes user confusion is a fairly strong > one, though. What is confusing, IMO, is changing the hba syntax all the time. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to y

Re: [HACKERS] Deprecations in authentication

On Thu, 2012-10-18 at 13:20 +0200, Magnus Hagander wrote: > In particular, we made a couple of changes over sveral releases back > in the authentication config, that we should perhaps consider > finishing by removing the old stuff now? > > 1. krb5 authentication. We've had gssapi since 8.3 (which

Re: [HACKERS] Deprecations in authentication

On 10/18/2012 04:43 AM, Simon Riggs wrote: On 18 October 2012 12:20, Magnus Hagander wrote: Since Simon stirred up a hornets nest suggesting deprecation of a number of features, I figured I'd take it one step further and suggest removal of some previously deprecated features :) I'm laughin

Re: [HACKERS] Deprecations in authentication

Robert Haas writes: > On Thu, Oct 18, 2012 at 7:20 AM, Magnus Hagander wrote: >> 2. ident-over-unix-sockets was renamed to "peer" in 9.1, with the old >> syntax deprecated but still mapping to the new one. Has it been there >> long enough that we should start throwing an error for ident on unix?

Re: [HACKERS] Deprecations in authentication

On Thu, Oct 18, 2012 at 7:20 AM, Magnus Hagander wrote: > Since Simon stirred up a hornets nest suggesting deprecation of a > number of features, I figured I'd take it one step further and suggest > removal of some previously deprecated features :) > > In particular, we made a couple of changes ov

Re: [HACKERS] Deprecations in authentication

On 18 October 2012 12:43, Simon Riggs wrote: > On 18 October 2012 12:20, Magnus Hagander wrote: > >> Since Simon stirred up a hornets nest suggesting deprecation of a >> number of features, I figured I'd take it one step further and suggest >> removal of some previously deprecated features :) > >

Re: [HACKERS] Deprecations in authentication

Simon Riggs wrote: > On 18 October 2012 12:20, Magnus Hagander wrote: > > > Since Simon stirred up a hornets nest suggesting deprecation of a > > number of features, I figured I'd take it one step further and suggest > > removal of some previously deprecated features :) > > I'm laughing at the a

Re: [HACKERS] Deprecations in authentication

On 18 October 2012 12:20, Magnus Hagander wrote: > Since Simon stirred up a hornets nest suggesting deprecation of a > number of features, I figured I'd take it one step further and suggest > removal of some previously deprecated features :) I'm laughing at the analogy that angry and unintellige

Re: [HACKERS] Deprecations in authentication

On 18 October 2012 12:37, Magnus Hagander wrote: > On Thu, Oct 18, 2012 at 1:32 PM, Simon Riggs wrote: >> On 18 October 2012 12:20, Magnus Hagander wrote: >> >>> 2. ident-over-unix-sockets was renamed to "peer" in 9.1, with the old >>> syntax deprecated but still mapping to the new one. Has it b

Re: [HACKERS] Deprecations in authentication

On Thu, Oct 18, 2012 at 1:32 PM, Simon Riggs wrote: > On 18 October 2012 12:20, Magnus Hagander wrote: > >> 2. ident-over-unix-sockets was renamed to "peer" in 9.1, with the old >> syntax deprecated but still mapping to the new one. Has it been there >> long enough that we should start throwing a

Re: [HACKERS] Deprecations in authentication

On 18 October 2012 12:20, Magnus Hagander wrote: > 2. ident-over-unix-sockets was renamed to "peer" in 9.1, with the old > syntax deprecated but still mapping to the new one. Has it been there > long enough that we should start throwing an error for ident on unix? Any reason to remove? Having tw

[HACKERS] Deprecations in authentication

Since Simon stirred up a hornets nest suggesting deprecation of a number of features, I figured I'd take it one step further and suggest removal of some previously deprecated features :) In particular, we made a couple of changes over sveral releases back in the authentication config, that we shou