Re: Design Considerations for New Authentication Methods
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Richard Troy <rtroy@ScienceTools.com>
Cc: Magnus Hagander <mha@sollentuna.net>, Martijn van Oosterhout <kleptog@svana.org>, "Henry B. Hotz" <hotz@jpl.nasa.gov>, pgsql-hackers@postgresql.org
Date: 2006-11-02T20:25:00Z
Lists: pgsql-hackers
* Richard Troy (rtroy@ScienceTools.com) wrote: > Would signed certificates be preferred? Well, sure, they're nice. I don't > object, and in fact welcome some improvements here. For example, I'd love > the choice of taking an individual user's certificate and authenticating > completely based upon that. However, while this _seems_ to simplify > things, it really just trades off with the added cost of managing those > certs - username/password is slam-dunk simple and has the advantage that > users can share one authentication. Username/password is not acceptable in a number of situations. This is not intended to replace them. This would be in *addition* to supporting the current auth methods. I don't understand at all how you feel it'd be nice to have yet shouldn't be done. Thanks, Stephen