Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nOSnd-0001jM-46 for pgsql-hackers@arkaria.postgresql.org; Sun, 27 Feb 2022 23:17:57 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nOSna-0006qX-QI for pgsql-hackers@arkaria.postgresql.org; Sun, 27 Feb 2022 23:17:54 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nOSna-0006qO-DU for pgsql-hackers@lists.postgresql.org; Sun, 27 Feb 2022 23:17:54 +0000 Received: from mail-pj1-x102b.google.com ([2607:f8b0:4864:20::102b]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1nOSnT-0004oD-Mc for pgsql-hackers@lists.postgresql.org; Sun, 27 Feb 2022 23:17:53 +0000 Received: by mail-pj1-x102b.google.com with SMTP id m13-20020a17090aab0d00b001bbe267d4d1so11055953pjq.0 for ; Sun, 27 Feb 2022 15:17:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=j-davis-com.20210112.gappssmtp.com; s=20210112; h=message-id:subject:from:to:cc:date:in-reply-to:references :mime-version:content-transfer-encoding; bh=r6/crZ+tNoO2QKEiJHsM7Fidg4ocVQrVL7KCM8tDx94=; b=ORJkWLsN/SN8uwN5Gp5WnCYYTEIPFSJ1xIAr9d5phwTAkpeC5XzJrUtHjM7FfnO4UV Nz2d0Il4j7Bqj3pswGRaNHXX7J5u8aFUg2uglxcLsDajfrsW7SS48SH4UgfYpJwmvjTm 07g6rWGvzBlK5tx+7XAEhl+kVgwmPbatroWKXbe6RI0zUQ3sYgePxznPX82yTOseo3oe Iq4cW0Bf0IziolKNIzqWMvH+/tIwszCnT1cTiLO4id9PLmpKNo+0w0k2z30Ilf5q9O43 MGHe4DJEIC/m/bZwv96BatjhMBR5+LShQmdUZsoOKk/dKh4ypR1Iknd5J94qiccz+r/S bOig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to :references:mime-version:content-transfer-encoding; bh=r6/crZ+tNoO2QKEiJHsM7Fidg4ocVQrVL7KCM8tDx94=; b=h0d+Zmw93nRGsxVeRl9SmzecPwK3Uppqj1fUg4XJPHmBXmcTBfF4QGFcwe4G1JqIqF 3amgRjsAgx7V0x/bZzpo8iVz97fQztoCfZP34iL55e5qBiiQooVuoWaBAlUOoVYFSLmF A36f/nLH7+Pix59DOVxWy2BNBCOFPsrDbGNmNVuuwY2qJ0QN5+m3gTywVgVTd7v4hPV2 tSeVtpL3j3YVpP6tZUvw2YOikHugXklFm5KR4yQUNz/Le7dznrEwht738LGLK7wkpuDe UbOqEETC2YcDPofgvdrDkfRUxaSBjtJrSaAyHEha1Duu5gGA5m2vBOaIYljt+/C0Oeys 88TA== X-Gm-Message-State: AOAM533I1xr001W23ZUUCGUKq3k9SoIkDwxNSP5YnXP3lH2+qT8CNGi+ 93yUqiKZPPxlft7NIxblO6/GAQ== X-Google-Smtp-Source: ABdhPJzHfBDP1GC7pSvrd06IDs5rHiT4IEMgbjRrMQCae8YhDLa8XnPEQQ06oS71d8bMhTJsJ8QvqQ== X-Received: by 2002:a17:90a:678c:b0:1bd:500f:854d with SMTP id o12-20020a17090a678c00b001bd500f854dmr2148678pjj.125.1646003866371; Sun, 27 Feb 2022 15:17:46 -0800 (PST) Received: from jdavis.lan (c-73-231-146-4.hsd1.ca.comcast.net. [73.231.146.4]) by smtp.gmail.com with ESMTPSA id j16-20020a63e750000000b00373598b8cbfsm8402525pgk.74.2022.02.27.15.17.45 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Sun, 27 Feb 2022 15:17:45 -0800 (PST) Message-ID: <9004b18218eae293f1ee888e49d13d8a6b02810d.camel@j-davis.com> Subject: Re: Proposal: Support custom authentication methods using hooks From: Jeff Davis To: Tom Lane Cc: samay sharma , pgsql-hackers@lists.postgresql.org Date: Sun, 27 Feb 2022 15:17:44 -0800 In-Reply-To: <1980351.1645816239@sss.pgh.pa.us> References: <1737574.1645753674@sss.pgh.pa.us> <54dc198b56a87e31e9625405383f04a8c6589b8b.camel@j-davis.com> <1905579.1645810764@sss.pgh.pa.us> <2718414dc095b716e59e126c03af343997d14c7b.camel@j-davis.com> <1980351.1645816239@sss.pgh.pa.us> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.28.5-0ubuntu0.18.04.2 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Fri, 2022-02-25 at 14:10 -0500, Tom Lane wrote: > I'm happy to add support for custom auth methods if they can use > a protocol that's safer than cleartext-password. But if that's the > only feasible option, then we're just encouraging people to use > insecure methods. FWIW, I'd like to be able to use a token in the password field, and then authenticate that token. So I didn't intend to send an actual password in plaintext. Maybe we should have a new "token" connection parameter so that libpq can allow sending a token plaintext but refuse to send a password in plaintext? > I also have in mind here that there has been discussion of giving > libpq a feature to refuse, on the client side, to send cleartext > passwords. I am generally in favor of that idea, but I'm not sure that will completely resolve the issue. For instance, should it also refuse MD5? Regards, Jeff Davis