Re: [PATCH v20] GSSAPI encryption support

Bruce Momjian <bruce@momjian.us> writes:

> On Wed, Apr  3, 2019 at 08:49:25AM +0200, Magnus Hagander wrote:
>> On Wed, Apr 3, 2019 at 12:22 AM Joe Conway <mail@joeconway.com> wrote:
>>
>> Personally I don't find it as confusing as is either, and I find
>> hostgss to be a good analog of hostssl. On the other hand hostgssenc
>> is long and unintuitive. So +1 for leaving as is and -1 one for
>> changing it IMHO.
>>
>> I think for those who are well versed in pg_hba (and maybe gss as
>> well), it's not confusing. That includes me.
>>
>> However, for a new user, I can definitely see how it can be
>> considered confusing. And confusion in *security configuration* is
>> always a bad idea, even if it's just potential.
>>
>> Thus +1 on changing it.
>>
>> If it was on the table it might have been better to keep hostgss and
>> change the authentication method to gssauth or something, but that
>> ship sailed *years* ago.
>
> Uh, did we consider keeping hostgss and changing the auth part at the
> end to "gssauth"?

I think that was implicitly rejected because we'd have to keep the
capability to configure "gss" there else break compatibility.

Thanks,
--Robbie