On 01/20/2011 05:28 PM, Daniel Farina wrote:
Hello list, I wanted to test the waters on how receptive people might be to an extension that would allow Postgres to support two passwords for a given role. I have recently encountered a case where this would be highly useful when performing rolling password upgrades across many client applications and/or application instances. It is possible (as far as I know) to get around some of the sticker parts of this with some teeth gnashing, using some CREATE ROLE ... IN ROLE dancing, but I wanted to see if there was any interest in supporting this "for real." This design is not uncommon, one example is Amazon Web Services (e.g. EC2, S3), whereby one identification key can have many, independently revokable secret keys. I haven't given much thought to the mechanism yet, rather, I am just trying to assess gut reactions on the principle.
Have you thought of trying to use an external auth source like LDAP for such a scheme?
cheers andrew -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers