On Mon, Jan 26, 2026 at 1:51 AM Zsolt Parragi <zsolt.parragi@percona.com> wrote:
> The choosing authentication method part would already
> be useful with OAuth, and now Joel also started a thread about fido2,
> which also brings the question of MFA.
Or just the ability to offer a choice between two authentication
methods for a single user, yeah.
> pg_hba has the same issue, even if it has custom key=value data
> already. What I meant is similarly how we could turn currently hard
> coded pg_hba settings into GUC variables, the same is doable with
> pg_hosts, either at a separate level or integrating it into the HBA
> context. And later either both should get a new line style and
> deprecate the old one, or maybe these settings should be configured
> completely differently.
Sure; at this point I think we're violently agreeing. If we suspect
the configuration UX needs to be refactored, that's not going to be a
decision made unilaterally in this thread, which is why I said I was
worried about the scope creep.
--Jacob
