| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Michael Paquier <michael(at)paquier(dot)xyz>, Jeff Davis <pgsql(at)j-davis(dot)com>, samay sharma <smilingsamay(at)gmail(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Proposal: Support custom authentication methods using hooks |
| Date: | 2022-03-02 15:14:02 |
| Message-ID: | Yh+JutkNjHNIw7WT@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Mar 2, 2022 at 10:09:31AM -0500, Stephen Frost wrote:
> I'm not sure that it's quite so simple. Perhaps we should also drop
> LDAP and I don't really think PAM was ever terribly good for us to have,
> but at least PAM and RADIUS could possibly be used with OTP solutions
> (and maybe LDAP? Not sure, don't think I've seen that but perhaps..),
> rendering sniffing of what's transmitted less valuable. We don't
> support that for 'password' itself or for 'md5' in any serious way
> though.
I thought all the plain-password methods were already using SSL
(hopefully with certificate authentication) and they were therefore
safe. Why would we remove something like LDAP if that is what the site
is already using?
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
If only the physical world exists, free will is an illusion.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2022-03-02 15:19:43 | Re: SQL/JSON: functions |
| Previous Message | Stephen Frost | 2022-03-02 15:09:31 | Re: Proposal: Support custom authentication methods using hooks |