Re: Rejecting weak passwords

From: Dave Page
Subject: Re: Rejecting weak passwords
Msg-id: 937d27e10910150100k1f467db8u6ea5bfbd1e8440e5@mail.gmail.com
In response to: Re: Rejecting weak passwords  (Stephen Frost <sfrost@snowman.net>)
List: pgsql-hackers

On Wed, Oct 14, 2009 at 11:44 PM, Stephen Frost <sfrost@snowman.net> wrote:
> * Tom Lane (tgl@sss.pgh.pa.us) wrote:
>> Peter Eisentraut <peter_e@gmx.net> writes:
>> > Well, you would lose anyway if the DBA switches the pg_hba.conf setting
>> > from md5 to password without telling you.
>>
>> True :-(.  Anybody for a zero-knowledge protocol?
>>
>> (Realistically, non-password-based auth methods are the only real
>> solution here, I fear.  We should probably be doing more to encourage
>> people to use SSL-cert-based authentication in low-trust situations.)
>
> Or GSSAPI..  Helping users understand how they can leverage their
> existing Kerberos or MS SSPI single-sign-on infrastructures to securely
> access PG would go a long way to reducing the password-based usage out
> there, imo.  Of course, it'd be nice if we supported GSSAPI encrypted
> transport too.  Separating the encryption into SSL is less than ideal.

Such solutions are exactly what I'd expect to actually go into
production in most places, but that doesn't mean that people don't pay
attention to the basic features offered as part of the core database
when they're early in the evaluation phase.

--
Dave Page
EnterpriseDB UK:   http://www.enterprisedb.com

