| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Michael Paquier <michael(at)paquier(dot)xyz>, Jeff Davis <pgsql(at)j-davis(dot)com>, samay sharma <smilingsamay(at)gmail(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Proposal: Support custom authentication methods using hooks |
| Date: | 2022-03-02 15:09:31 |
| Message-ID: | 20220302150931.GB10577@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Greetings,
* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > * Bruce Momjian (bruce(at)momjian(dot)us) wrote:
> >> What is the logic to removing md5 but keeping 'password'?
>
> > I don't think we should keep 'password'.
>
> I don't see much point in that unless we deprecate *all* the
> auth methods that transmit a cleartext password.
I'm not sure that it's quite so simple. Perhaps we should also drop
LDAP and I don't really think PAM was ever terribly good for us to have,
but at least PAM and RADIUS could possibly be used with OTP solutions
(and maybe LDAP? Not sure, don't think I've seen that but perhaps..),
rendering sniffing of what's transmitted less valuable. We don't
support that for 'password' itself or for 'md5' in any serious way
though.
We really should drop ident already though.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2022-03-02 15:14:02 | Re: Proposal: Support custom authentication methods using hooks |
| Previous Message | Tom Lane | 2022-03-02 15:01:59 | Re: Proposal: Support custom authentication methods using hooks |