From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
---|---|
To: | samay sharma <smilingsamay(at)gmail(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: Proposal: Support custom authentication methods using hooks |
Date: | 2022-02-28 10:26:06 |
Message-ID: | 9f017d59-c3f8-5d7a-beba-ef7304bd8cf9@enterprisedb.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 17.02.22 20:25, samay sharma wrote:
> A use case where this is useful are environments where you want
> authentication to be centrally managed across different services. This
> is a common deployment model for cloud providers where customers like to
> use single sign on and authenticate across different services including
> Postgres. Implementing this now is tricky as it requires syncing that
> authentication method's credentials with Postgres (and that gets
> trickier with TTL/expiry etc.). With these hooks, you can implement an
> extension to check credentials directly using the
> authentication provider's APIs.
We already have a variety of authentication mechanisms that support
central management: LDAP, PAM, Kerberos, Radius. What other mechanisms
are people thinking about implementing using these hooks? Maybe there
are a bunch of them, in which case a hook system might be sensible, but
if there are only one or two plausible ones, we could also just make
them built in.
From | Date | Subject | |
---|---|---|---|
Next Message | Dagfinn Ilmari Mannsåker | 2022-02-28 10:50:01 | Re: psql: Make SSL info display more compact |
Previous Message | Peter Eisentraut | 2022-02-28 10:22:02 | Re: Proposal: Support custom authentication methods using hooks |