| From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
|---|---|
| To: | samay sharma <smilingsamay(at)gmail(dot)com> |
| Cc: | Andres Freund <andres(at)anarazel(dot)de>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Proposal: Support custom authentication methods using hooks |
| Date: | 2022-03-03 10:12:49 |
| Message-ID: | 2c872991-0841-a465-a6e0-24293e445140@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 02.03.22 21:49, samay sharma wrote:
> I think we are discussing two topics in this thread which in my opinion
> are orthogonal.
>
> (a) Should we make authentication methods pluggable by exposing these
> hooks? - These will allow users to add plugins of their own to support
> whatever auth method they like. One immediate use case (and what
> prompted me to start looking at this) is Azure Active Directory
> integration which is a common request from Azure customers. We could
> also, over time, move some of our existing auth methods into extensions
> if we don’t want to maintain them in core.
I don't think people are necessarily opposed to that.
At the moment, it is not possible to judge whether the hook interface
you have chosen is appropriate.
I suggest you actually implement the Azure provider, then make the hook
interface, and then show us both and we can see what to do with it.
One thing that has been requested, and I would support that, is that a
plugged-in authentication method should look like a built-in one. So
for example it should be able to register a real name, instead of
"custom". I think a fair bit of refactoring work might be appropriate
in order to make the authentication code more modular.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Melih Mutlu | 2022-03-03 10:16:15 | Re: Mingw task for Cirrus CI |
| Previous Message | Ashutosh Sharma | 2022-03-03 10:09:44 | Re: Make mesage at end-of-recovery less scary. |