On Thu, 2022-02-24 at 19:47 -0800, Andres Freund wrote:
> Why is it restricted to that? You could do sasl negotiation as well
> from what
> I can see? And that'd theoretically also allow to negotiate whether
> the client
> supports different ways of doing auth? Not saying that that's easy,
> but I
> don't think it's a fundamental restriction.
Good point! It would only work with enhanced clients though -- maybe in
the future we'd make libpq pluggable with new auth methods?
> We have several useful authentication technologies built ontop of
> plaintext
> exchange. Radius, Ldap, Pam afaics could be implemented as an
> extension?
Yes, and it means that we won't have to extend that list in core in the
future when new methods become popular.
Regards,
Jeff Davis
