Re: Preliminary GSSAPI Patches

I'm not suggesting any change.  Merely correcting a misstatement I
made earlier.

I believe the documentation already recommends best practice.

On Oct 10, 2007, at 10:53 AM, Magnus Hagander wrote:

> Tom Lane wrote:
>> "Henry B. Hotz" <hbhotz@oxy.edu> writes:
>>> You know, I don't know what I was thinking when I sent this.  My
>>> apologies for the late correction.
>>>
>>> Anyone who has a copy of the "host" keys for a machine can
>>> manufacture kerberos tickets for the "host" service on that machine
>>> masquerading as absolutely anyone (including people who don't
>>> exist).  Same for the "postgres" keys, and if the postgres server
>>> can
>>> steal the host keys (or vice versa) then it's even worse.
>>> [snip...]
>>
>> Maybe I'm too dense, but I don't see a conclusion here.  Do we
>> need to
>> change our code, our docs, both, or neither?
>
> I don't think we do. If you use service keys per our documentation,
> you
> should be fine. And if someone owns your host keys, you lost already.
>
> //Magnus

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu