Re: Subprocess generated password

And this looks similar to -
https://github.com/pgadmin-org/pgadmin4/issues/3491

On Tue, Oct 11, 2022 at 10:27 AM Khushboo Vashi <
khushboo(dot)vashi(at)enterprisedb(dot)com> wrote:

> Hi,
>
> On Mon, Oct 10, 2022 at 1:38 PM Elias Bergquist <elias(at)acuminor(dot)com>
> wrote:
>
>> Hi,
>>
>>
>>
>> I have been hacking on a feature that instead of using a static password
>> when connecting to the psql server executes a subprocess which prints a
>> temporary auth token to stdout.
>>
>>
>>
>> This is to make the workflow more bearable when using AWS RDS with iam
>> authentication.
>>
>>
>>
>> aws-iam auth tokens are generated with the ASW cli, used as sql password,
>> and expires after 15 minutes. That means that any reconnects after that
>> time will fail – and not in a way that spawns any password dialog (“FATAL:
>> PAM authentication failed”).
>>
>>
>>
>> I’m thinking of the feature like an addition to “passfile”, lets call it
>> “passexec”.
>>
>>
>>
>> 2 new (advanced?) server settings:
>>
>> * passexec cmd line
>>
>> * passexec expiry minutes
>>
>>
>>
> To support this, AWS cli should be installed on the pgAdmin server. So, in
> the desktop mode, if the user has installed it, it will work. For the web
> mode, (server mode), what is your proposal ?
>
>> If last passexec is older than expiry, a new invocation result is used –
>> basically an expiring cache.
>>
>>
>>
>> I think this would benefit the pgadmin community – would you be
>> interested in a PR?
>>
>>
>>
>> /Elias
>>
>

--
Thanks,
Aditya Toshniwal
pgAdmin Hacker | Software Architect | *edbpostgres.com*
<http://edbpostgres.com>
"Don't Complain about Heat, Plant a TREE"