Message-ID: <gh-pgjdbc-pgjdbc-3895-rc2864540680@github.com>
From: "vlsi (@vlsi)" <noreply+vlsi@github.com>
To: "pgjdbc/pgjdbc" <noreply+pgjdbc-pgjdbc@github.com>
Date: Fri, 27 Feb 2026 14:14:46 +0000
Subject: Re: [pgjdbc/pgjdbc] PR #3895: implement require_auth, this is pretty much how libpq does this. 
In-Reply-To: <gh-pgjdbc-pgjdbc-3895-rc2840753318@github.com>
References: <gh-pgjdbc-pgjdbc-3895@github.com> <gh-pgjdbc-pgjdbc-3895-rc2840753318@github.com>
List-Id: <gh-pgjdbc-pgjdbc.github.com>
X-GitHub-Author-Login: vlsi
X-GitHub-Comment-Id: 2864540680
X-GitHub-Comment-Type: review_comment
X-GitHub-Commit: 13f1426fb9cbad5f6607368037a765ef92b3875e
X-GitHub-Issue: 3895
X-GitHub-Line: 985
X-GitHub-Path: pgjdbc/src/main/java/org/postgresql/core/v3/ConnectionFactoryImpl.java
X-GitHub-Repo: pgjdbc/pgjdbc
X-GitHub-Type: review_comment
X-GitHub-Url: https://github.com/pgjdbc/pgjdbc/pull/3895#discussion_r2864540680
Content-Type: text/plain; charset=utf-8

(on pgjdbc/src/main/java/org/postgresql/core/v3/ConnectionFactoryImpl.java:985)

There's server-side comment: https://github.com/postgres/postgres/blob/16743db061e431d40522547c6436af6616026caa/src/interfaces/libpq/fe-auth.c#L969-L971

"If implicit GSS auth has already been performed via GSS
					 * encryption, we don't need to have performed an
					 * AUTH_REQ_GSS exchange"

It implies GSS auth can indeed happen via GSS encryption.