Hello list,
I wanted to test the waters on how receptive people might be to an
extension that would allow Postgres to support two passwords for a
given role. I have recently encountered a case where this would be
highly useful when performing rolling password upgrades across many
client applications and/or application instances.
It is possible (as far as I know) to get around some of the sticker
parts of this with some teeth gnashing, using some CREATE ROLE ... IN
ROLE dancing, but I wanted to see if there was any interest in
supporting this "for real."
This design is not uncommon, one example is Amazon Web Services (e.g.
EC2, S3), whereby one identification key can have many, independently
revokable secret keys.
I haven't given much thought to the mechanism yet, rather, I am just
trying to assess gut reactions on the principle.
--
fdr