Re: Proposal: Support custom authentication methods using hooks

From: Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>
To: samay sharma <smilingsamay(at)gmail(dot)com>, Jacob Champion <pchampion(at)vmware(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, andrew(at)dunslane(dot)net, "andres(at)anarazel(dot)de" <andres(at)anarazel(dot)de>
Cc: "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Proposal: Support custom authentication methods using hooks
Date: 2022-03-23 19:59:10
Message-ID: df770761-61a4-17ac-6368-e1fa88702f10@enterprisedb.com
Lists: pgsql-hackers

On 15.03.22 20:27, samay sharma wrote:
> This patch-set adds the following:
>
> * Allow multiple custom auth providers to be registered (Addressing
> feedback from Aleksander and Andrew)
> * Modify the test extension to use SCRAM to exchange secrets (Based on
> Andres's suggestion)
> * Add support for custom auth options to configure provider's behavior
> (by exposing a new hook) (Required by OAUTHBEARER)
> * Allow custom auth methods to use usermaps. (Required by OAUTHBEARER)

Some feedback on this specific patch set:

Custom authentication methods should be able to register their own name
other than "custom". You ought to refactor things so that existing
methods such as ldap and pam go through your extension interface. So
the whole thing should be more like a lookup table or list with some
built-in entries that modules can dynamically add on to.

Then you also don't need a test module, since the existing
authentication methods would already test the interfaces.
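
The lookup-table design suggested in the message above, as an added sketch that is not part of the original email, the patch set, or PostgreSQL's code. Every type and function name here is hypothetical, and the per-method callbacks are constructed stand-ins for the real authentication exchanges.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names throughout; this is not PostgreSQL's API. */
typedef enum { AUTH_OK = 0, AUTH_REJECT = 1 } AuthResult;
typedef AuthResult (*auth_fn)(const char *user);
typedef struct { const char *name; auth_fn fn; } AuthMethod;

#define MAX_METHODS 8

/* Constructed stand-ins for the real exchanges: each accepts one sample user. */
static AuthResult accept_only(const char *user, const char *ok)
{ return strcmp(user, ok) == 0 ? AUTH_OK : AUTH_REJECT; }
static AuthResult ldap_auth(const char *u) { return accept_only(u, "alice"); }
static AuthResult pam_auth(const char *u)  { return accept_only(u, "bob"); }
AuthResult module_auth(const char *u)      { return accept_only(u, "carol"); }

/* Built-in methods are ordinary entries in the table that modules extend. */
static AuthMethod methods[MAX_METHODS] = { { "ldap", ldap_auth }, { "pam", pam_auth } };
static size_t n_methods = 2;

static const AuthMethod *lookup_auth_method(const char *name)
{
    for (size_t i = 0; i < n_methods; i++)
        if (strcmp(methods[i].name, name) == 0)
            return &methods[i];
    return NULL;
}

/* Returns 0 on success; -1 for a bad argument, a name already taken, or a full table. */
int register_auth_method(const char *name, auth_fn fn)
{
    if (name == NULL || name[0] == '\0' || fn == NULL)
        return -1;
    if (lookup_auth_method(name) != NULL || n_methods == MAX_METHODS)
        return -1;   /* a module cannot shadow an existing method */
    methods[n_methods++] = (AuthMethod){ name, fn };
    return 0;
}

/* Dispatch on the method name from the HBA line; unknown names are rejected. */
AuthResult authenticate(const char *method, const char *user)
{
    const AuthMethod *m = lookup_auth_method(method);
    return m ? m->fn(user) : AUTH_REJECT;
}

int main(void)
{ return register_auth_method("oauthbearer", module_auth); }
```

Rejecting a name that is already in the table is the property worth keeping in any real version of this design: a loaded module can add a method but cannot replace the code behind a built-in one.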
