Re: Amazon RDS auth tokens in .pgpass

From: Nicholas Chammas <nicholas(dot)chammas(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-admin(at)lists(dot)postgresql(dot)org
Subject: Re: Amazon RDS auth tokens in .pgpass
Date: 2020-08-31 19:12:01
Message-ID: CAOhmDzejZ2N3kNL42crFNViPVw7jtzV2Pz3tcmTmONUqNZS1AQ@mail.gmail.com
Lists: pgsql-admin

On Mon, Aug 31, 2020 at 2:04 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:

> Looking at the source code, there's a hard-wired restriction that lines of
> .pgpass can't be more than 320 characters long (well, NAMEDATALEN*5, but
> very few builds don't have NAMEDATALEN=64). I see that somebody very
> recently added code to make libpq print a warning for overlength lines,
> but I wonder why they didn't just, um, remove the restriction. We had
> not previously heard of a use-case for passwords with hundreds of
> characters in them, but I guess we need to cope.
>

Just FYI, the auth tokens generated by Amazon RDS appear to be 796 bytes
long.

```
$ aws rds generate-db-auth-token --hostname "some-host.us-east-1.rds.amazonaws.com" \
    --port 5432 --region us-east-1 --username someuser | wc -c
796
```

> If you're in a position to rebuild libpq, could you check that changing
> LINELEN in fe-connect.c to something large enough (like 1K) fixes your
> problem? While that's clearly one issue, it'd be good to verify that
> there's not another one lurking behind it.
>

I'm not in an easy position to do that (having not contributed code to the
project before), but I'd be happy to provide more information about my use
case or about how IAM-based authentication works as it relates to Postgres.
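
Added example (not part of the thread and not libpq code): a small audit that flags `.pgpass` entries too long for the 320-byte line limit described above, reporting the affected host/port/database/user without ever returning the password. It assumes the limit is a fixed read buffer that also has to hold the newline and a terminator; `split_fields`, `audit_pgpass` and the sample entries are constructed for illustration.

```python
NAMEDATALEN = 64            # default build value mentioned in the thread
LINELEN = NAMEDATALEN * 5   # the 320-byte line limit quoted in the thread

def split_fields(line):
    """Split one .pgpass line on unescaped ':'; a backslash escapes ':' and '\\'."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])   # keep the escaped character literally
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields

def audit_pgpass(text, limit=LINELEN):
    """List entries whose line does not fit a `limit`-byte read buffer.

    Assumption: the buffer also has to hold the newline and a terminator, so
    at most limit - 2 bytes of entry fit. Password text is never returned.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line_bytes = len(raw.encode("utf-8"))
        if not raw.strip() or line_bytes <= limit - 2:
            continue
        fields = split_fields(raw)
        secret = fields[4] if len(fields) > 4 else ""   # fifth field only
        findings.append({"line": lineno, "entry": ":".join(fields[:4]),
                         "line_bytes": line_bytes,
                         "password_bytes": len(secret.encode("utf-8"))})
    return findings

# Constructed sample: an ordinary entry and one with a 796-byte stand-in token.
SAMPLE = (
    "localhost:5432:appdb:app:short-password\n"
    "some-host.us-east-1.rds.amazonaws.com:5432:appdb:someuser:" + "A" * 796 + "\n"
)

if __name__ == "__main__":
    for finding in audit_pgpass(SAMPLE):
        print(finding)
```

Pass a larger `limit` (for example 1024, the 1K value suggested in the thread) to check entries against a rebuilt libpq.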
