| From: | Elias Bergquist <elias(at)acuminor(dot)com> |
|---|---|
| To: | "pgadmin-hackers(at)postgresql(dot)org" <pgadmin-hackers(at)postgresql(dot)org> |
| Subject: | Subprocess generated password |
| Date: | 2022-10-10 06:21:09 |
| Message-ID: | GV3P280MB0433D8A5D381EE63501E3B2CC7209@GV3P280MB0433.SWEP280.PROD.OUTLOOK.COM |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers |
Hi,
I have been hacking on a feature that instead of using a static password when connecting to the psql server executes a subprocess which prints a temporary auth token to stdout.
This is to make the workflow more bearable when using AWS RDS with iam authentication.
aws-iam auth tokens are generated with the ASW cli, used as sql password, and expires after 15 minutes. That means that any reconnects after that time will fail – and not in a way that spawns any password dialog (“FATAL: PAM authentication failed”).
I’m thinking of the feature like an addition to “passfile”, lets call it “passexec”.
2 new (advanced?) server settings:
* passexec cmd line
* passexec expiry minutes
If last passexec is older than expiry, a new invocation result is used – basically an expiring cache.
I think this would benefit the pgadmin community – would you be interested in a PR?
/Elias
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pravesh Sharma | 2022-10-10 06:36:59 | [pgadmin-org/pgadmin4] 176ea5: Fixed copy sql to query tool feature test |
| Previous Message | Aditya Toshniwal | 2022-10-07 09:55:20 | Re: Regarding pgAdmin browser support |