Re: WIP: SCRAM authentication
From | Michael Paquier |
---|---|
Subject | Re: WIP: SCRAM authentication |
Date | |
Msg-id | CAB7nPqQVt-Px6J_FX93hGPZ4XcA3ssyMeX0ZpUCrHoCi4-vhgw@mail.gmail.com |
In response to | Re: WIP: SCRAM authentication (Stephen Frost <sfrost@snowman.net>) |
List | pgsql-hackers |
On Mon, Aug 10, 2015 at 6:05 AM, Stephen Frost <sfrost@snowman.net> wrote:
> * Sehrope Sarkuni (sehrope@jackdb.com) wrote:
>> It'd be nice if the new auth mechanism supports multiple passwords in the
>> same format as well (not just one per format).
>>
>> That way you could have two different passwords for a user that are active
>> at the same time. This would simplify rolling database credentials as it
>> wouldn't have to be done all at once. You could add the new credentials,
>> update your app servers one by one, then disable the old ones.
>>
>> A lot of systems that use API keys let you see the last time a particular
>> set of keys was used. This helps answer the "Is this going to break
>> something if I disable it?" question. Having a last used at timestamp for
>> each auth mechanism (per user) would be useful.
>
> Excellent points and +1 to all of these ideas from me.

Interesting. I haven't thought of that and those are nice suggestions. I am
not convinced that this is something to tackle with a first version of the
patch though, I am sure we'll have enough problems to deal with to get out a
nice base usable for future improvements as well.
--
Michael