Re: [pgAdmin4][Patch]- Feature #7012 - disable master password requirement when using alternative auth source

Thanks, the patch applied.

On Mon, Apr 11, 2022 at 12:00 PM Khushboo Vashi <
khushboo(dot)vashi(at)enterprisedb(dot)com> wrote:

> Hi,
>
> Please find the attached patch to implement the feature #7012 - Disable
> master password requirement when using alternative auth source
>
> When pgAdmin stores a connection password, it encrypts it using a key that
> is formed either from the master password, or from the pgAdmin login
> password for the user. In the case of auth methods such as OAuth, Kerberos
> or Webserver, pgAdmin doesn't have access to anything long-lived to form
> the encryption key from, hence it uses the master password. And if the
> master is disabled, there is no way to store the connection password.
>
> To resolve this, we have added an option to config.py (which defaults to
> None) for an alternate encryption key. pgAdmin would use this if a) the
> master password is disabled AND b) there is no suitable key/password
> available from the auth module for the user. If the option is set to
> None, pgAdmin works as it does now.
>
> Thanks,
> Khushboo
>

--
*Thanks & Regards*
*Akshay Joshi*
*pgAdmin Hacker | Principal Software Architect*
*EDB Postgres <http://edbpostgres.com>*

*Mobile: +91 976-788-8246*