| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com> |
| Cc: | VASUKI M <vasukianand0119(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, david(dot)g(dot)johnston(at)gmail(dot)com, Robert Haas <robertmhaas(at)gmail(dot)com>, myon(at)debian(dot)org |
| Subject: | Re: Custom oauth validator options |
| Date: | 2026-01-27 17:40:32 |
| Message-ID: | CAOYmi+mS=cpKk_jcuUaJz+noB8Gj=M06e9AdDQYcJRpXDARJYA@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Jan 26, 2026 at 1:51 AM Zsolt Parragi <zsolt(dot)parragi(at)percona(dot)com> wrote:
> The choosing authentication method part would already
> be useful with OAuth, and now Joel also started a thread about fido2,
> which also brings the question of MFA.
Or just the ability to offer a choice between two authentication
methods for a single user, yeah.
> pg_hba has the same issue, even if it has custom key=value data
> already. What I meant is similarly how we could turn currently hard
> coded pg_hba settings into GUC variables, the same is doable with
> pg_hosts, either at a separate level or integrating it into the HBA
> context. And later either both should get a new line style and
> deprecate the old one, or maybe these settings should be configured
> completely differently.
Sure; at this point I think we're violently agreeing. If we suspect
the configuration UX needs to be refactored, that's not going to be a
decision made unilaterally in this thread, which is why I said I was
worried about the scope creep.
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jingtang Zhang | 2026-01-27 17:41:52 | Optimize CPU usage of dropping buffers during recovery |
| Previous Message | Andres Freund | 2026-01-27 17:38:40 | Re: Report bytes and transactions actually sent downtream |