| From: | Neil Chen <carpenter(dot)nail(dot)cz(at)gmail(dot)com> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com> |
| Subject: | Re: Proposed patch for key managment |
| Date: | 2020-12-18 03:19:02 |
| Message-ID: | CAA3qoJ=HNhrfKLNQwi7+gkqq6EW85uxPha9phH76SfhZwRBnxg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Dec 18, 2020 at 3:02 AM Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>
> Here is a run of all four authentication methods, and updated scripts.
> I have renamed Yubiki to PIV since the script should work with anY
> PIV-enabled deviced, like a CAC.
>
>
Thanks for attaching these patches.
The unfortunate thing is that I am not very familiar with yubikey, so I
will try to read it but may not be able to give useful advice.
Regarding the location of script storage, why don't we name them like
"pass_fd.sh.sample" and store them in the $DATA/share/postgresql directory
after installation, where other .sample files are also stored here. In the
source code directory, just put them in a directory related to KMGR.
Through your suggestions, I am learning about Cybertec's TDE which is a
relatively "complete" implementation. I will continue to rely on these TDE
patches and the goals listed in the Wiki to verify whether the KMS system
can support our future feature.
Thanks.
--
There is no royal road to learning.
HighGo Software Co.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2020-12-18 03:21:14 | Re: Proposed patch for key managment |
| Previous Message | Bruce Momjian | 2020-12-18 03:14:14 | Re: Proposed patch for key managment |