Re: [HACKERS] SCRAM auth and Pgpool-II

>> Using a clear text password would not be acceptable for users even
>> through an encrypted connection, I think.
> 
> Really, I don't think users who are concerned with security should be
> using the md5 method either.

The comment in pg_hba.conf.sample seem to prefer md5 over clear text
password.

# Note that "password" sends passwords in clear text; "md5" or
# "scram-sha-256" are preferred since they send encrypted passwords.

> What would be really nice for such cases is support for Kerberos and
> delegated Kerberos credentials.  Having pgpool support that would remove
> the need to deal with passwords at all.
> 
> Ditto for having postgres_fdw support same.  More often than not,
> Kerberos deployments (via AD, generally) is what I find in the
> enterprises that I work with and they're happy to see we have Kerberos
> but it's disappointing when they can't use Kerberos with either
> connection poolers or with FDWs.

I would add supporting Kerberos to the Pgpool-II todo list.

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp