Re: Design Considerations for New Authentication Methods

Tom, Josh, etc.:

> But if you're looking for a "big application" that uses Kerberos,
> there's that pesky thing called Windows. Every single Windows machine in
> an active directory domain environment is a Kerberos client, and uses
> Kerberos for authentication to all network services.

Kerberos with GSSAPI is also widely used for Solaris, so supporting it helps a 
lot in getting a large proportion of Solaris users to adopt PostgreSQL.

> So Kerberos is definitly big. And more and more apps do support GSSAPI
> for authentication. Not that many apps support "raw kerberos" as pgsql
> does, probably because it does have some compatibility issues and such
> things.

Yes ... if we were looking to cut down on both code and dependency bugs, we 
might consider desupporting "raw Kerberos".   At this point, I think that 
everyone who supports Kerberos supports GSSAPI, unless we're still committed 
to supporting users of Red Hat 7.0 (Tom?).

-- 
Josh Berkus
PostgreSQL @ Sun
San Francisco