[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Encrypting data during replication?????

>There is the kerberos thing, but it is only for authentication, it does not actually encrypt the data. 

When there is SASL support, perhaps this will be an option, using
the GSS-API SASL mechanism.

The tricky thing about Kerberos and long-lived clients (such as
replication daemons) is that you need to refresh the credentials
cache before the ticket expires. This is logic which is not to
my knowledge provided by the Kerberos client library.


-- Luke


luke howard                                                  lukeh@PADL.COM 
PADL software pty ltd                                   http://www.PADL.COM