| From: | Aleksander Alekseev <aleksander(at)timescale(dot)com> |
|---|---|
| To: | samay sharma <smilingsamay(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Proposal: Support custom authentication methods using hooks |
| Date: | 2022-02-24 09:16:52 |
| Message-ID: | CAJ7c6TNAD0XfQwoYdPDNhy=40X1w0VXVCSyb6LJSD13OXUhJkg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi Samay,
> I wanted to submit a patch to expose 2 new hooks (one for the authentication check and another one for error reporting) in auth.c. These will allow users to implement their own authentication methods for Postgres or add custom logic around authentication.
I like the idea - PostgreSQL is all about extendability. Also, well
done with TAP tests and an example extension. This being said, I
didn't look at the code yet, but cfbot seems to be happy with it:
http://cfbot.cputube.org/
> One constraint in the current implementation is that we allow only one authentication provider to be loaded at a time. In the future, we can add more functionality to maintain an array of hooks and call the appropriate one based on the provider name in the pg_hba line.
This sounds like a pretty severe and unnecessary limitation to me. Do
you think it would be difficult to bypass it in the first
implementation?
--
Best regards,
Aleksander Alekseev
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2022-02-24 09:20:39 | Re: Design of pg_stat_subscription_workers vs pgstats |
| Previous Message | Aleksander Alekseev | 2022-02-24 09:02:54 | Re: PATCH: add "--config-file=" option to pg_rewind |