> What about a public/private key mechanism, like ssh?
Yes, just use ssh as-is and run psql etc in a ssh tunnel
when running over insecure nets.
Making cryptography part of pgsql is not good idea for two reasons:
1. It is bloat
2. It make us targets of legal-problems (US-export-control etc).
IMHO, even Kerberous should be removed.
info about ssh is available at:
http://www.cs.hut.fi/ssh/ free version
http://www.ssh.fi/ commercial (+mac/windows) versions
regards,
--
---------------------------------------------
G�ran Thyni, sysadm, JMS Bildbasen, Kiruna