Re: Proposed patch for key managment
| От | Bruce Momjian |
|---|---|
| Тема | Re: Proposed patch for key managment |
| Дата | |
| Msg-id | 20201218032114.GB28841@momjian.us обсуждение исходный текст |
| Ответ на | Re: Proposed patch for key managment (Neil Chen <carpenter.nail.cz@gmail.com>) |
| Список | pgsql-hackers |
On Fri, Dec 18, 2020 at 11:19:02AM +0800, Neil Chen wrote: > > > On Fri, Dec 18, 2020 at 3:02 AM Bruce Momjian <bruce@momjian.us> wrote: > > > Here is a run of all four authentication methods, and updated scripts. > I have renamed Yubiki to PIV since the script should work with anY > PIV-enabled deviced, like a CAC. > > > > Thanks for attaching these patches. > The unfortunate thing is that I am not very familiar with yubikey, so I will > try to read it but may not be able to give useful advice. > Regarding the location of script storage, why don't we name them like > "pass_fd.sh.sample" and store them in the $DATA/share/postgresql directory > after installation, where other .sample files are also stored here. In the > source code directory, just put them in a directory related to KMGR. Yeah, that makes sense. They are small. > Through your suggestions, I am learning about Cybertec's TDE which is a > relatively "complete" implementation. I will continue to rely on these TDE > patches and the goals listed in the Wiki to verify whether the KMS system can > support our future feature. Great to hear, thanks. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EnterpriseDB https://enterprisedb.com The usefulness of a cup is in its emptiness, Bruce Lee
В списке pgsql-hackers по дате отправления: