Re: Amazon RDS auth tokens in .pgpass

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Nicholas Chammas <nicholas(dot)chammas(at)gmail(dot)com>, pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: Amazon RDS auth tokens in .pgpass
Date: 2020-08-31 18:16:48
Message-ID: 20200831181648.GT29590@tamriel.snowman.net
Lists: pgsql-admin

Greetings,

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Nicholas Chammas <nicholas(dot)chammas(at)gmail(dot)com> writes:
> > It's only the combination of a) .pgpass and b) RDS auth token that doesn't
> > work. This leads me to believe something is going wrong on a code path
> > specific to .pgpass, or that there are some undocumented restrictions on
> > what can go in .pgpass.
>
> Looking at the source code, there's a hard-wired restriction that lines of
> .pgpass can't be more than 320 characters long (well, NAMEDATALEN*5, but
> very few builds don't have NAMEDATALEN=64). I see that somebody very
> recently added code to make libpq print a warning for overlength lines,
> but I wonder why they didn't just, um, remove the restriction. We had
> not previously heard of a use-case for passwords with hundreds of
> characters in them, but I guess we need to cope.

My memory might be faulty, but I've got some specific recollection of
people complaining about this before and the community response being
"who would ever need such very long things?!"

In particular, this seems relevant...

https://www.postgresql.org/message-id/29496.1539388920%40sss.pgh.pa.us

but I'm also inclined to add support for these longer values.

Thanks,

Stephen
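
An added example, not part of the original message and not libpq code: a check for the failure discussed in this thread. It flags .pgpass lines longer than the 320-character limit Tom Lane cites and reports which entry is affected without printing the password. Counting length in bytes, treating everything after the fourth unescaped colon as the password, and the sample hostnames are assumptions.

```python
import sys

# Limit quoted in the thread: NAMEDATALEN*5, i.e. 320 with NAMEDATALEN=64.
PGPASS_LINE_LIMIT = 320

def split_fields(line):
    """Split host:port:database:user:password on unescaped ':' characters."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])   # backslash escapes the next character
            i += 2
            continue
        if ch == ":" and len(fields) < 4:
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)            # assumption: text after the 4th colon is all password
        i += 1
    fields.append("".join(cur))
    return fields

def find_overlength(text, limit=PGPASS_LINE_LIMIT):
    """Return a finding for every entry line longer than `limit` bytes."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                  # blank lines and comments carry no entry
        length = len(raw.encode("utf-8"))
        if length > limit:
            f = split_fields(raw)
            findings.append({
                "line": lineno,
                "length": length,
                # Identify the entry without ever echoing the secret itself.
                "entry": ":".join(f[:4]) if len(f) == 5 else "<unparsed>",
                "password_length": len(f[4]) if len(f) == 5 else None,
            })
    return findings

# Constructed sample: one ordinary entry and one with a 400-character stand-in token.
SAMPLE = (
    "# constructed sample, not real credentials\n"
    "db.example.internal:5432:app:alice:short\\:pw\n"
    "rds.example.internal:5432:app:iam_user:" + "X" * 400 + "\n"
)

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for f in find_overlength(text):
        print(f"line {f['line']}: {f['length']} bytes > {PGPASS_LINE_LIMIT}, "
              f"entry {f['entry']}, password length {f['password_length']}")
```

Run it with the path to a .pgpass file as the only argument; with no argument it checks the constructed sample.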
