Re: [HACKERS] Kerberos 5 breakage.

"Matthew N. Dodd" <winter@jurai.net> writes:

> I've compiled with kerberos 4 compatibility mode libraries in kerberos 5
> and it appears to compile, link and run but I've not got a good testbed
> for kerberos 4.

The Kerberos 4 stuff works fine with real Kerberos 4 libraries.

> While Kerberos 5 authentication and authorization is nice, I'd like to
> investigate the possibility of adding encryption as well.

Absolutely.  This should be specified in the pg_hba.conf file, so that
you could demand Kerberos authentication plus encryption for sensitive
data.  When not demanded by pg_hba.conf, it should be a client option.

-tih
--
Popularity is the hallmark of mediocrity.  --Niles Crane, "Frasier"