Greetings,
* Bruce Momjian (bruce@momjian.us) wrote:
> On Wed, Mar 2, 2022 at 10:29:45AM -0500, Stephen Frost wrote:
> > We don't require SSL to be used with them..? Further, as already
> > discussed on this thread, SSL only helps with on-the-wire, doesn't
> > address the risk of a compromised server. LDAP, in particular, is
> > terrible in this regard because it's a centralized password system,
> > meaning that one compromised server will lead to an attacker gaining
> > full access to the victim's account throughout the enterprise.
>
> Yes, but the site chose LDAP, and I don't think it is our place to tell
> them what to use.
It's our decision what we want to support and maintain in the code base
and what we don't. Folks often ask for things that we don't or won't
support and this isn't any different from that. We also remove things
on a rather regular basis even when they're being used- generally
because we have something better, as we do here. I disagree that an
argument of 'some people use it so we can't remove it' holds any weight
here.
Thanks,
Stephen