Re: Proposal: Support custom authentication methods using hooks

Greetings,

* Bruce Momjian (bruce(at)momjian(dot)us) wrote:
> On Wed, Mar 2, 2022 at 10:54:27AM -0500, Stephen Frost wrote:
> > It's our decision what we want to support and maintain in the code base
> > and what we don't. Folks often ask for things that we don't or won't
> > support and this isn't any different from that. We also remove things
> > on a rather regular basis even when they're being used- generally
> > because we have something better, as we do here. I disagree that an
> > argument of 'some people use it so we can't remove it' holds any weight
> > here.
>
> I disagree.

With... which? We removed recovery.conf without any warning between
major releases, yet it was used by every single PG file-based backup and
restore solution out there and by every single organization that had
ever done a restore of PG since it was introduced in 8.0. Passing
around cleartext passwords with the LDAP authentication method is
clearly bad from a security perspective and it's a bunch of code to
support that, along with it being quite complicated to configure and get
set up (arguably harder than Kerberos, if you want my 2c). If you want
to say that it's valuable for us to continue to maintain that code
because it's good and useful and might even be the only option for some
people, fine, though I disagree, but I don't think my argument that we
shouldn't keep it just because *someone* is using it is any different
from our general project policy about features.

Thanks,

Stephen