Re: [PoC] Federated Authn/z with OAUTHBEARER

From: Christoph Berg <myon(at)debian(dot)org>
To: Andres Freund <andres(at)anarazel(dot)de>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Thomas Munro <thomas(dot)munro(at)gmail(dot)com>, Nazir Bilal Yavuz <byavuz81(at)gmail(dot)com>, Peter Eisentraut <peter(at)eisentraut(dot)org>, Antonin Houska <ah(at)cybertec(dot)at>
Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER
Date: 2025-03-31 14:06:49
Message-ID: Z-qheTno9lYmjrJu@msg.df7cb.de
Lists: pgsql-hackers

Re: Andres Freund
> > Yes. Also, none of this has addressed my complaint about the extent
> > of the build and install dependencies. Yes, simply not selecting
> > --with-libcurl removes the problem ... but most packagers are under
> > very heavy pressure to enable all features of a package.

And this feature is kind of only useful if it's available anywhere. If
only half of your clients are able to use SSO, you'd probably stick
with passwords anyway. So it needs to be enabled by default.

> How about we provide the current libpq.so without linking to curl and also a
> libpq-oauth.so that has curl support? If we do it right libpq-oauth.so would
> itself link to libpq.so, making libpq-oauth.so a fairly small library.
>
> That way packagers can split libpq-oauth.so into a separate package, while
> still just building once.

That's definitely a good plan. The blast radius of build dependencies
isn't really a problem, the install/run-time is.

Perhaps we could do the same with libldap and libgssapi? (Though
admittedly I have never seen any complaints or nagging questions from
security people about these.)

Christoph
