Re: "Optional ident" authentication

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: "Optional ident" authentication
Дата
Msg-id 6203.1164729362@sss.pgh.pa.us
обсуждение исходный текст
Ответ на Re: "Optional ident" authentication  (Andrew Dunstan <andrew@dunslane.net>)
Список pgsql-hackers
Andrew Dunstan <andrew@dunslane.net> writes:
> Tom Lane wrote:
>> Then you get into the problem that it has to work for *all* auth
>> methods, which in general it will not, because the client probably isn't
>> prepared for multiple auth challenges.

> Yes, if we did that we'd probably have to fix libpq to allow for it (and 
> any native protocol implementations such as JDBC). Can the wire protocol 
> handle it?

Not really --- the problem is what does a client do if faced with an
unanswerable challenge, eg password requested when it has no password.
libpq currently just disconnects.  You could maybe kluge it to send back
an empty password or some such, but it'd be better if the protocol had
an explicit "fail" response.  In any case, "let's fix all the clients"
isn't very practical --- what of clients running older copies of libpq?
        regards, tom lane


В списке pgsql-hackers по дате отправления:

Предыдущее
От: Peter Eisentraut
Дата:
Сообщение: Short writes
Следующее
От: "Kevin Grittner"
Дата:
Сообщение: Re: [CORE] RC1 blocker issues