Re: Proposal: Support custom authentication methods using hooks

On 17.02.22 20:25, samay sharma wrote:
> A use case where this is useful are environments where you want 
> authentication to be centrally managed across different services. This 
> is a common deployment model for cloud providers where customers like to 
> use single sign on and authenticate across different services including 
> Postgres. Implementing this now is tricky as it requires syncing that 
> authentication method's credentials with Postgres (and that gets 
> trickier with TTL/expiry etc.). With these hooks, you can implement an 
> extension to check credentials directly using the 
> authentication provider's APIs.

We already have a variety of authentication mechanisms that support 
central management: LDAP, PAM, Kerberos, Radius.  What other mechanisms 
are people thinking about implementing using these hooks?  Maybe there 
are a bunch of them, in which case a hook system might be sensible, but 
if there are only one or two plausible ones, we could also just make 
them built in.