On 01/20/2011 05:28 PM, Daniel Farina wrote:
> Hello list,
>
> I wanted to test the waters on how receptive people might be to an
> extension that would allow Postgres to support two passwords for a
> given role. I have recently encountered a case where this would be
> highly useful when performing rolling password upgrades across many
> client applications and/or application instances.
>
> It is possible (as far as I know) to get around some of the sticker
> parts of this with some teeth gnashing, using some CREATE ROLE ... IN
> ROLE dancing, but I wanted to see if there was any interest in
> supporting this "for real."
>
> This design is not uncommon, one example is Amazon Web Services (e.g.
> EC2, S3), whereby one identification key can have many, independently
> revokable secret keys.
>
> I haven't given much thought to the mechanism yet, rather, I am just
> trying to assess gut reactions on the principle.
Have you thought of trying to use an external auth source like LDAP for
such a scheme?
cheers
andrew