public inbox for [email protected]  
help / color / mirror / Atom feed
From: Jonathan S. Katz <[email protected]>
To: Peter Eisentraut <[email protected]>
To: samay sharma <[email protected]>
To: [email protected]
Subject: Re: Proposal: Support custom authentication methods using hooks
Date: Tue, 1 Mar 2022 16:18:11 -0500
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <CAJxrbyxTRn5P8J-p+wHLwFahK5y56PhK28VOb55jqMO05Y-DJw@mail.gmail.com>
	<[email protected]>

On 2/28/22 5:26 AM, Peter Eisentraut wrote:
> On 17.02.22 20:25, samay sharma wrote:
>> A use case where this is useful are environments where you want 
>> authentication to be centrally managed across different services. This 
>> is a common deployment model for cloud providers where customers like 
>> to use single sign on and authenticate across different services 
>> including Postgres. Implementing this now is tricky as it requires 
>> syncing that authentication method's credentials with Postgres (and 
>> that gets trickier with TTL/expiry etc.). With these hooks, you can 
>> implement an extension to check credentials directly using the 
>> authentication provider's APIs.
> 
> We already have a variety of authentication mechanisms that support 
> central management: LDAP, PAM, Kerberos, Radius.  What other mechanisms 
> are people thinking about implementing using these hooks?  Maybe there 
> are a bunch of them, in which case a hook system might be sensible, but 
> if there are only one or two plausible ones, we could also just make 
> them built in.

OIDC is the big one that comes to mind.

Jonathan


Attachments:

  [application/pgp-signature] OpenPGP_signature (840B, ../[email protected]/2-OpenPGP_signature)
  download

view thread (5+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Proposal: Support custom authentication methods using hooks
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox