| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Daniel Farina <daniel(at)heroku(dot)com> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Vivek Singh Raghuwanshi <vivekraghuwanshi(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Keystone auth in PostgreSQL |
| Date: | 2012-03-16 01:38:20 |
| Message-ID: | 20551.1331861900@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Daniel Farina <daniel(at)heroku(dot)com> writes:
> From my vantage point, a rehash of federated authentication of some
> kind would be enormously useful, but it's not really clear if there
> are any concrete implementations worth supporting directly: I only
> wish it was much easier to delegate authentication so someone could
> implement, say, Keystone without excessive contortion. (Or maybe
> someone just needs to vend some advice on the "proper" way to
> delegate).
Our standard answer when someone asks for $random-auth-method is to
suggest that they find a PAM module for it and use PAM. I wouldn't
want to claim that PAM is a particularly great interface for this
sort of thing, but it's out there and I don't know of any serious
competition. The alternative of supporting $random-auth-method
directly doesn't scale very nicely...
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Noah Misch | 2012-03-16 01:52:12 | Re: foreign key locks, 2nd attempt |
| Previous Message | Alvaro Herrera | 2012-03-16 00:53:05 | Re: foreign key locks, 2nd attempt |