Re: Keystone auth in PostgreSQL

Daniel Farina <daniel@heroku.com> writes:
> From my vantage point, a rehash of federated authentication of some
> kind would be enormously useful, but it's not really clear if there
> are any concrete implementations worth supporting directly: I only
> wish it was much easier to delegate authentication so someone could
> implement, say, Keystone without excessive contortion. (Or maybe
> someone just needs to vend some advice on the "proper" way to
> delegate).

Our standard answer when someone asks for $random-auth-method is to
suggest that they find a PAM module for it and use PAM.  I wouldn't
want to claim that PAM is a particularly great interface for this
sort of thing, but it's out there and I don't know of any serious
competition.  The alternative of supporting $random-auth-method
directly doesn't scale very nicely...
        regards, tom lane