Re: [PATCH v20] GSSAPI encryption support

On Wed, Apr  3, 2019 at 08:49:25AM +0200, Magnus Hagander wrote:
> On Wed, Apr 3, 2019 at 12:22 AM Joe Conway <mail@joeconway.com> wrote:
>     Personally I don't find it as confusing as is either, and I find hostgss
>     to be a good analog of hostssl. On the other hand hostgssenc is long and
>     unintuitive. So +1 for leaving as is and -1 one for changing it IMHO.
> 
> 
> I think for those who are well versed in pg_hba (and maybe gss as well), it's
> not confusing. That includes me.
> 
> However, for a new user, I can definitely see how it can be considered
> confusing. And confusion in *security configuration* is always a bad idea, even
> if it's just potential.
> 
> Thus +1 on changing it.
> 
> If it was on the table it might have been better to keep hostgss and change the
> authentication method to gssauth or something, but that ship sailed *years*
> ago.

Uh, did we consider keeping hostgss and changing the auth part at the
end to "gssauth"?

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +