From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Sehrope Sarkuni <sehrope(at)jackdb(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: WIP: SCRAM authentication |
Date: | 2015-08-10 02:22:56 |
Message-ID: | CAB7nPqQVt-Px6J_FX93hGPZ4XcA3ssyMeX0ZpUCrHoCi4-vhgw@mail.gmail.com |
Lists: | pgsql-hackers |

On Mon, Aug 10, 2015 at 6:05 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Sehrope Sarkuni (sehrope(at)jackdb(dot)com) wrote:
>> It'd be nice if the new auth mechanism supports multiple passwords in the
>> same format as well (not just one per format).
>>
>> That way you could have two different passwords for a user that are active
>> at the same time. This would simplify rolling database credentials as it
>> wouldn't have to be done all at once. You could add the new credentials,
>> update your app servers one by one, then disable the old ones.
>>
>> A lot of systems that use API keys let you see the last time a particular
>> set of keys was used. This helps answer the "Is this going to break
>> something if I disable it?" question. Having a last used at timestamp for
>> each auth mechanism (per user) would be useful.
>
> Excellent points and +1 to all of these ideas from me.

Interesting. I haven't thought of that and those are nice suggestions.
I am not convinced that this is something to tackle with a first
version of the patch though, I am sure we'll have enough problems to
deal with to get out a nice base usable for future improvements as
well.
--
Michael