Re: [PoC/RFC] Multiple passwords, interval expirations - Mailing list pgsql-hackers

From Jeff Davis
Subject Re: [PoC/RFC] Multiple passwords, interval expirations
Date
Msg-id 1ef3dfdb9f1f1f84286e431507c80eb4ab5a7ff4.camel@j-davis.com
In response to Re: [PoC/RFC] Multiple passwords, interval expirations  (Stephen Frost <sfrost@snowman.net>)
Responses Re: [PoC/RFC] Multiple passwords, interval expirations
List pgsql-hackers
On Wed, 2023-10-18 at 14:48 -0400, Stephen Frost wrote:
> Right, we need more observability, agreed, but that's not strictly
> necessary of this patch and could certainly be added independently.
> Is there really a need to make this observability a requirement of
> this particular change?

I won't draw a line in the sand, but it feels like something should be
there to help the user keep track of which password they might want to
keep. At least a "created on" date or something.

> > (Aside: is the uniqueness of the salt enforced in the current
> > patch?)
>
> Err, the salt has to be *identical* for each password of a given
> user, not unique, so I'm a bit confused here.

Sorry, my mistake.

If the client needs to use the same salt as existing passwords, can you
still use PQencryptPasswordConn() on the client to avoid sending the
plaintext password to the server?

Regards,
    Jeff Davis



