Re: Proposed patch for key managment - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Proposed patch for key managment
Date
Msg-id 20201218032114.GB28841@momjian.us
Whole thread Raw
In response to Re: Proposed patch for key managment  (Neil Chen <carpenter.nail.cz@gmail.com>)
List pgsql-hackers
On Fri, Dec 18, 2020 at 11:19:02AM +0800, Neil Chen wrote:
> 
> 
> On Fri, Dec 18, 2020 at 3:02 AM Bruce Momjian <bruce@momjian.us> wrote:
> 
> 
>     Here is a run of all four authentication methods, and updated scripts.
>     I have renamed Yubiki to PIV since the script should work with anY
>     PIV-enabled deviced, like a CAC.
> 
> 
>  
> Thanks for attaching these patches. 
> The unfortunate thing is that I am not very familiar with yubikey, so I will
> try to read it but may not be able to give useful advice. 
> Regarding the location of script storage, why don't we name them like
> "pass_fd.sh.sample" and store them in the $DATA/share/postgresql directory
> after installation, where other .sample files are also stored here. In the
> source code directory, just put them in a directory related to KMGR.

Yeah, that makes sense.  They are small.

> Through your suggestions, I am learning about Cybertec's TDE which is a
> relatively "complete" implementation. I will continue to rely on these TDE
> patches and the goals listed in the Wiki to verify whether the KMS system can
> support our future feature.

Great to hear, thanks.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee




pgsql-hackers by date:

Previous
From: Neil Chen
Date:
Subject: Re: Proposed patch for key managment
Next
From: Michael Paquier
Date:
Subject: Refactor routine to check for ASCII-only case