On Wed, Apr 3, 2019 at 08:49:25AM +0200, Magnus Hagander wrote:
> On Wed, Apr 3, 2019 at 12:22 AM Joe Conway <mail@joeconway.com> wrote:
> Personally I don't find it as confusing as is either, and I find hostgss
> to be a good analog of hostssl. On the other hand hostgssenc is long and
> unintuitive. So +1 for leaving as is and -1 one for changing it IMHO.
>
>
> I think for those who are well versed in pg_hba (and maybe gss as well), it's
> not confusing. That includes me.
>
> However, for a new user, I can definitely see how it can be considered
> confusing. And confusion in *security configuration* is always a bad idea, even
> if it's just potential.
>
> Thus +1 on changing it.
>
> If it was on the table it might have been better to keep hostgss and change the
> authentication method to gssauth or something, but that ship sailed *years*
> ago.
Uh, did we consider keeping hostgss and changing the auth part at the
end to "gssauth"?
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +