From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Jeff Davis <pgsql(at)j-davis(dot)com> |
Cc: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Michael Paquier <michael(at)paquier(dot)xyz>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Add "password_protocol" connection parameter to libpq |
Date: | 2019-08-10 00:03:40 |
Message-ID: | 20190810000340.GT16436@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Greetings,
* Jeff Davis (pgsql(at)j-davis(dot)com) wrote:
> On Sat, 2019-08-10 at 00:17 +0300, Heikki Linnakangas wrote:
> > auth_methods = 'MITM, -password, -md5'
>
> Keep in mind this is client configuration, so something reasonable in
> postgresql.conf might not be so reasonable in the form:
Yeah, that's a really good point.
> postgresql://foo:secret(at)myhost/mydb?auth_methods=MITM%2C%20-
> password%2C%20-md5
>
> Another thing to consider is that there's less control configuring on
> the client than on the server. The server will send at most one
> authentication request based on its own rules, and all the client can
> do is either answer it, or disconnect. And the SSL stuff all happens
> before that, and won't use an authentication request message at all.
Note that GSSAPI Encryption works the same as SSL in this regard.
Thanks,
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Jim Finnerty | 2019-08-10 01:27:04 | Re: [survey] New "Stable" QueryId based on normalized query text |
Previous Message | Jeff Davis | 2019-08-09 23:54:14 | Re: Add "password_protocol" connection parameter to libpq |