Subprocess generated password

Hi,

I have been hacking on a feature that instead of using a static password when connecting to the psql server executes a subprocess which prints a temporary auth token to stdout.

This is to make the workflow more bearable when using AWS RDS with iam authentication.

aws-iam auth tokens are generated with the ASW cli, used as sql password, and expires after 15 minutes. That means that any reconnects after that time will fail – and not in a way that spawns any password dialog (“FATAL: PAM authentication failed”).

I’m thinking of the feature like an addition to “passfile”, lets call it “passexec”.

2 new (advanced?) server settings:

* passexec cmd line

* passexec expiry minutes

If last passexec is older than expiry, a new invocation result is used – basically an expiring cache.

I think this would benefit the pgadmin community – would you be interested in a PR?

/Elias