Re: Future of krb5 authentication

On Wed, Jul 18, 2007 at 10:46:58AM -0400, Tom Lane wrote:
> Magnus Hagander <magnus@hagander.net> writes:
> > But sure, we might leave it in there until there's a direct problem with it
> > (other than the ones we already know). Can I still get my deprecation of it
> > though? ;-)
> 
> In the krb4 case, we left it in there until there was very little
> probability anyone was using it anymore, and AFAIR there was no
> significant maintenance burden from that.  I don't see a reason to be
> harsher on the krb5 case.
> 
> The real problem in my mind is this business of the gssapi and krb5
> support being mutually exclusive.  That is going to cause tremendous
> pain because there won't be any convenient upgrade path.  Particularly
> not for users of binary packages (RPMs etc) --- they'll be screwed
> if their packager changes, and have no way to upgrade if he doesn't.
> This needs to be fixed.

Non, GSSAPI and krb5 are *not* mutually exclusive.

SSPI and GSSAPI are mutually exclusive.

You can use krb5 and GSSAPI or krb5 and SSPI just fine.

//Magnus