On Mon, Jan 26, 2026 at 1:51 AM Zsolt Parragi <[email protected]> wrote: > The choosing authentication method part would already > be useful with OAuth, and now Joel also started a thread about fido2, > which also brings the question of MFA.
Or just the ability to offer a choice between two authentication methods for a single user, yeah. > pg_hba has the same issue, even if it has custom key=value data > already. What I meant is similarly how we could turn currently hard > coded pg_hba settings into GUC variables, the same is doable with > pg_hosts, either at a separate level or integrating it into the HBA > context. And later either both should get a new line style and > deprecate the old one, or maybe these settings should be configured > completely differently. Sure; at this point I think we're violently agreeing. If we suspect the configuration UX needs to be refactored, that's not going to be a decision made unilaterally in this thread, which is why I said I was worried about the scope creep. --Jacob
