* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Heikki Linnakangas <hlinnakangas@vmware.com> writes:
> > We could also support using a library like that for additional
> > authentication mechanisms, though, for those who really need them.
>
> We've already got a sufficiency of external authentication mechanisms.
> If people wanted to use non-built-in authentication, we'd not be having
> this discussion.
Just to be clear- lots of people *do* use the external authentication
mechanisms we provide, particularly Kerberos/GSSAPI. SASL would bring
us quite a few additional mechanisms (SQL-based, Berkley DB, one-time
passwords, RSA SecurID, etc..) and would mean we might be able to
eventually drop direct GSSAPI and LDAP support and have a better
alternative for those who want to use password-based auth.
Thanks,
Stephen