SCRAM-SHA-256, is it possible to retrieve enough information from PG server (pg_authid etc) to perform authentication as a client

From: Vladimir Soldatov <solardatov(at)gmail(dot)com>
To: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: SCRAM-SHA-256, is it possible to retrieve enough information from PG server (pg_authid etc) to perform authentication as a client
Date: 2019-08-02 12:52:16
Message-ID: CALn2wrc=OYF57=E-_HZJ_5kU_CicVrUghW=NnJnBETngR80DTw@mail.gmail.com

Hi guys,

I am new to PostgreSQL, so sorry for a maybe stupid question. I am working on
an application implementing the Frontend/Backend PG protocol, and one of the
goals is, having only "admin" user credentials (like the postgres user), to be able
to retrieve enough information from the PG server (for example, from the pg_authid
table) to perform authentication for any user created in PG (without any
user interaction, so we don't know the user's password).

It is fine for plain text or md5 authentication types, but it looks
impossible for scram-sha-256, since, looking at RFC 5802 and the libpq
source code, the information presented in pg_authid
(SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>) is enough
only to perform server-side authentication for an external client and not
enough to authenticate on the PG server as a client. This actually sounds
logical and reasonable in terms of infosec, so could you please confirm that it
is not possible, or maybe there is a way to achieve that?

Thanks in advance,
Vladimir
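The key schedule behind the question, written out as an added example (not code from the original post, from libpq or from the PostgreSQL server): it derives the RFC 5802 / RFC 7677 keys from a constructed password and salt, builds a string in the pg_authid layout the post quotes, and then runs the server-side check of a client proof twice, once with ClientKey derived from the password and once with only the StoredKey and ServerKey that pg_authid holds. Since StoredKey = H(ClientKey) and the proof is ClientKey XOR HMAC(StoredKey, AuthMessage), the verifier holder can perform the server's role (verify proofs, emit ServerSignature) but cannot produce a valid client proof. The sample password, salt, nonces and AuthMessage are constructed; SASLprep normalisation of the password, which PostgreSQL applies, is omitted (assumption: ASCII password).

```python
"""SCRAM-SHA-256 key derivation and proof verification (RFC 5802 / RFC 7677)."""
import base64
import hashlib
import hmac

# Constructed sample values; a real server draws a random salt per user.
SAMPLE_PASSWORD = "correct horse battery staple"
SAMPLE_SALT = b"0123456789abcdef"
SAMPLE_ITERATIONS = 4096  # PostgreSQL's default iteration count


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_keys(password: str, salt: bytes, iterations: int) -> dict:
    """RFC 5802 key schedule (SASLprep omitted; assumes ASCII password)."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    return {
        "client_key": client_key,
        "stored_key": hashlib.sha256(client_key).digest(),   # one-way: hides ClientKey
        "server_key": hmac.new(salted, b"Server Key", hashlib.sha256).digest(),
    }


def build_verifier(password: str, salt: bytes, iterations: int) -> str:
    """pg_authid.rolpassword layout: SCRAM-SHA-256$<iter>:<salt>$<StoredKey>:<ServerKey>.
    ClientKey is deliberately not stored."""
    k = derive_keys(password, salt, iterations)
    return "SCRAM-SHA-256$%d:%s$%s:%s" % (
        iterations, _b64(salt), _b64(k["stored_key"]), _b64(k["server_key"]))


def parse_verifier(verifier: str) -> dict:
    """Split the stored string back into its fields (base64 never contains '$' or ':')."""
    mech, params, keys = verifier.split("$")
    if mech != "SCRAM-SHA-256":
        raise ValueError("unsupported mechanism: %s" % mech)
    iterations, salt = params.split(":")
    stored, server = keys.split(":")
    return {"iterations": int(iterations), "salt": base64.b64decode(salt),
            "stored_key": base64.b64decode(stored), "server_key": base64.b64decode(server)}


def client_proof(client_key: bytes, auth_message: bytes) -> bytes:
    """Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    stored_key = hashlib.sha256(client_key).digest()
    signature = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    return _xor(client_key, signature)


def server_verifies_client(stored_key: bytes, auth_message: bytes, proof: bytes) -> bool:
    """Server side: unmask ClientKey from the proof and check H(ClientKey) == StoredKey."""
    signature = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    recovered_client_key = _xor(proof, signature)
    return hmac.compare_digest(hashlib.sha256(recovered_client_key).digest(), stored_key)


def server_signature(server_key: bytes, auth_message: bytes) -> bytes:
    """ServerSignature, which the client checks; needs only ServerKey."""
    return hmac.new(server_key, auth_message, hashlib.sha256).digest()


def demo() -> dict:
    verifier = build_verifier(SAMPLE_PASSWORD, SAMPLE_SALT, SAMPLE_ITERATIONS)
    v = parse_verifier(verifier)
    # AuthMessage = client-first-bare , server-first , client-final-without-proof (constructed).
    auth_message = ("n=user,r=cnonce,r=cnoncesnonce,s=%s,i=%d,c=biws,r=cnoncesnonce"
                    % (_b64(v["salt"]), v["iterations"])).encode()

    # 1. A client holding the password derives ClientKey and produces a valid proof.
    real = derive_keys(SAMPLE_PASSWORD, v["salt"], v["iterations"])
    with_password = server_verifies_client(
        v["stored_key"], auth_message, client_proof(real["client_key"], auth_message))

    # 2. A holder of only the pg_authid fields has H(ClientKey), not ClientKey; using the
    #    StoredKey in its place yields a proof the server rejects.
    with_verifier_only = server_verifies_client(
        v["stored_key"], auth_message, client_proof(v["stored_key"], auth_message))

    # 3. The server's own role needs only ServerKey, which the verifier does contain.
    server_role_from_verifier = hmac.compare_digest(
        server_signature(v["server_key"], auth_message),
        server_signature(real["server_key"], auth_message))

    return {"verifier": verifier,
            "client_auth_with_password": with_password,
            "client_auth_with_verifier_only": with_verifier_only,
            "server_role_from_verifier": server_role_from_verifier}


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-32s %s" % (name, value))
```

The result mirrors the post's reading of the RFC: the verifier is sufficient to act as the server (verify clients, answer with ServerSignature) and insufficient to act as the client, because the only client-side secret, ClientKey, is stored solely as its hash. This is also why, unlike md5 verifiers, copying pg_authid contents does not let another system log in on a user's behalf.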
