Re: One Role, Two Passwords

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Daniel Farina <drfarina(at)acm(dot)org>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: One Role, Two Passwords
Date: 2011-01-20 22:45:58
Message-ID: 4D38BB26.3070200@dunslane.net
Lists: pgsql-hackers

On 01/20/2011 05:28 PM, Daniel Farina wrote:
> Hello list,
>
> I wanted to test the waters on how receptive people might be to an
> extension that would allow Postgres to support two passwords for a
> given role. I have recently encountered a case where this would be
> highly useful when performing rolling password upgrades across many
> client applications and/or application instances.
>
> It is possible (as far as I know) to get around some of the stickier
> parts of this with some teeth gnashing, using some CREATE ROLE ... IN
> ROLE dancing, but I wanted to see if there was any interest in
> supporting this "for real."
>
> This design is not uncommon; one example is Amazon Web Services (e.g.
> EC2, S3), whereby one identification key can have many independently
> revocable secret keys.
>
> I haven't given much thought to the mechanism yet, rather, I am just
> trying to assess gut reactions on the principle.

Have you thought of trying to use an external auth source like LDAP for
such a scheme?

cheers

andrew
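
An added example, not part of either message: one reading of the "CREATE ROLE ... IN ROLE" workaround mentioned in the quoted post, written as a rolling rotation in PostgreSQL. The role names, database name and passwords are constructed placeholders. Unlike the proposed feature, each credential here has its own login name, so clients must change user name as well as password.

```sql
-- Constructed names: appdb, app_owner, app_login_a, app_login_b.
-- Passwords are placeholders; generate real ones out of band.

-- Privileges live on a group role that cannot log in,
-- so it has no password of its own to rotate.
CREATE ROLE app_owner NOLOGIN;
GRANT CONNECT ON DATABASE appdb TO app_owner;
GRANT USAGE ON SCHEMA public TO app_owner;

-- Credential currently deployed to clients.
CREATE ROLE app_login_a LOGIN INHERIT PASSWORD 'placeholder-old'
    IN ROLE app_owner;

-- Rotation step 1: issue a second credential. Both logins inherit
-- app_owner's privileges, so old and new clients work side by side.
CREATE ROLE app_login_b LOGIN INHERIT PASSWORD 'placeholder-new'
    IN ROLE app_owner;

-- Rotation step 2: while clients are being redeployed, check who
-- is still connecting with the old credential.
SELECT usename, client_addr, count(*) AS sessions
  FROM pg_stat_activity
 WHERE usename = 'app_login_a'
 GROUP BY usename, client_addr;

-- Rotation step 3: revoke the old credential independently of the new one.
-- NOLOGIN blocks new connections; sessions already open stay open
-- until they disconnect or are terminated.
ALTER ROLE app_login_a NOLOGIN;

-- Objects created while logged in as app_login_a are owned by that
-- role, not by app_owner, and would block DROP ROLE. Hand them over
-- (run in each database the role has used), then drop the login.
REASSIGN OWNED BY app_login_a TO app_owner;
DROP OWNED BY app_login_a;
DROP ROLE app_login_a;
```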
