Re: Amazon RDS auth tokens in .pgpass

Nicholas Chammas <nicholas.chammas@gmail.com> writes:
> On Mon, Aug 31, 2020 at 2:04 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Looking at the source code, there's a hard-wired restriction that lines of
>> .pgpass can't be more than 320 characters long (well, NAMEDATALEN*5, but
>> very few builds don't have NAMEDATALEN=64).  I see that somebody very
>> recently added code to make libpq print a warning for overlength lines,
>> but I wonder why they didn't just, um, remove the restriction.  We had
>> not previously heard of a use-case for passwords with hundreds of
>> characters in them, but I guess we need to cope.

> Just FYI, the auth tokens generated by Amazon RDS appear to be 796 bytes
> long.

Thanks.  I've pushed a fix to remove libpq's undocumented restriction
on the length of a .pgpass line.  It will be in November's releases.

            regards, tom lane