douglasawh
commented
2 years ago @jcmturner I too am wondering this. I can see there is some encoding in the code, but I cannot tell if that code is for encryption or not
Open Sireax opened 2 years ago
douglasawh
commented
2 years ago @jcmturner I too am wondering this. I can see there is some encoding in the code, but I cannot tell if that code is for encryption or not
Sireax
commented
2 years ago @jcmturner I too am wondering this. I can see there is some encoding in the code, but I cannot tell if that code is for encryption or not
No there is not. But I managed to add it by myself using another gssapi library
Sireax
commented
2 years ago By the way, it is not really related to gokrb itself, implementations will differ for some services and databases
nicowilliams
commented
1 year ago What is a "GSSAPI encryption mechanism"? Can you refer to a specific C/Java or abstract function/method from RFC 2743, 2744, etc?
tsipinakis
commented
1 year ago I have just sent a PR that implements all the required framework to implement a GSS-API server. This is now possible with this library.
Edit: It's unclear if this issue is talking about the client-side or server-side GSS-API protocol. Sever side is now possible for sure (I have implemented one, client-side is probably also possible).
I am trying to connect to postgres with GSSAPI using third-party plugin gopgkrb5. It uses gokrb5 to conduct all the operations. Kerberos authentication completes successfully, but it is done without GSSAPI Encryption (Integrity as far as I know). So all the traffic goes through insecure network. It seems like gokrb5 does not support GSSAPI Integrity, but im not sure. If there is any clue how to do that, could you please help me out?
Original issue: https://github.com/jackc/pgx/issues/1220