Hi,
On 2022-03-17 12:10:51 +0100, Peter Eisentraut wrote:
> Looking at the existing authentication methods
>
> # METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
> # "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
>
> how many of these could have been implemented using a plugin mechanism that
> was designed before the new method was considered? Probably not many.
trust, reject, md5, password, ident, peer, pam, ldap, radius look trivially
possible. I think sspi is doable as well, but I don't know it well enough to
be confident. gss without transport encryption could have as well, I
think. Even scram-sha-256 looks possible, although that'd have been a good bit
harder. Where do you see the problems?
Only stuff tying into transport encryption is clearly not doable via the
proposed API, but that's hardly the fault of an authentication API?
Greetings,
Andres Freund