Home > mailing lists

Re: Proposal: Support custom authentication methods using hooks - Mailing list pgsql-hackers

From	Andres Freund
Subject	Re: Proposal: Support custom authentication methods using hooks
Date	March 17, 2022 20:30:32
Msg-id	20220317173032.gg74qmqtzab6qkz5@alap3.anarazel.de Whole thread Raw
In response to	Re: Proposal: Support custom authentication methods using hooks (Peter Eisentraut <peter.eisentraut@enterprisedb.com>)
Responses	Re: Proposal: Support custom authentication methods using hooks
List	pgsql-hackers

Tree view

Hi,

On 2022-03-17 12:10:51 +0100, Peter Eisentraut wrote:
> Looking at the existing authentication methods
> 
> # METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
> # "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
> 
> how many of these could have been implemented using a plugin mechanism that
> was designed before the new method was considered?  Probably not many.

trust, reject, md5, password, ident, peer, pam, ldap, radius look trivially
possible. I think sspi is doable as well, but I don't know it well enough to
be confident. gss without transport encryption could have as well, I
think. Even scram-sha-256 looks possible, although that'd have been a good bit
harder.  Where do you see the problems?

Only stuff tying into transport encryption is clearly not doable via the
proposed API, but that's hardly the fault of an authentication API?

Greetings,

Andres Freund

pgsql-hackers by date:

From: Bharath Rupireddy
Date: 17 March 2022, 20:05:50
Subject: Re: Allow async standbys wait for sync replication

From: Stephen Frost
Date: 17 March 2022, 21:03:31
Subject: Re: Proposal: Support custom authentication methods using hooks

Re: Proposal: Support custom authentication methods using hooks - Mailing list pgsql-hackers

Previous

Next