| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Aleksander Alekseev <aleksander(at)timescale(dot)com>, samay sharma <smilingsamay(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Proposal: Support custom authentication methods using hooks |
| Date: | 2022-02-24 12:34:42 |
| Message-ID: | 4dd67245-c4b2-4cea-7d7c-b829feb30e1c@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2/24/22 04:16, Aleksander Alekseev wrote:
> Hi Samay,
>
>> I wanted to submit a patch to expose 2 new hooks (one for the authentication check and another one for error reporting) in auth.c. These will allow users to implement their own authentication methods for Postgres or add custom logic around authentication.
> I like the idea - PostgreSQL is all about extendability. Also, well
> done with TAP tests and an example extension. This being said, I
> didn't look at the code yet, but cfbot seems to be happy with it:
> http://cfbot.cputube.org/
>
>> One constraint in the current implementation is that we allow only one authentication provider to be loaded at a time. In the future, we can add more functionality to maintain an array of hooks and call the appropriate one based on the provider name in the pg_hba line.
> This sounds like a pretty severe and unnecessary limitation to me. Do
> you think it would be difficult to bypass it in the first
> implementation?
Yeah, I think we would want a set of providers that could be looked up
at runtime.
I think this is likely to me material for release 16, so there's plenty
of time to get it right.
cheers
andrew
--
Andrew Dunstan
EDB: https://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Masahiko Sawada | 2022-02-24 12:51:05 | Re: Design of pg_stat_subscription_workers vs pgstats |
| Previous Message | Peter Eisentraut | 2022-02-24 12:31:40 | Re: convert libpq uri-regress tests to tap test |