Re: Custom oauth validator options
Zsolt Parragi <zsolt.parragi@percona.com>
From: Zsolt Parragi <zsolt.parragi@percona.com>
To: Jacob Champion <jacob.champion@enterprisedb.com>
Cc: VASUKI M <vasukianand0119@gmail.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>,
david.g.johnston@gmail.com, Robert Haas <robertmhaas@gmail.com>, myon@debian.org
Date: 2026-01-16T17:13:52Z
Lists: pgsql-hackers
> Last I knew (which was a while back), Yes, I didn't want to say anything for sure, but I have similar memories on Windows a while ago. I don't know anything for sure about today, and especially on Linux, but delegating things to another process seems to be a safer approach to me. > [checks] Ah, it does prohibit those. Why? Mainly because I couldn't decide where it should fit if the variable is set at multiple places (or if we need multiple sources like PGC_S_DATABASE_USER). * A hba line can be completely generic, which should be above DATABASE (ALTER DATABASE setting should override HBA setting, as it is more specific) * Or very specific about one user in one database using a specific authentication method, which should be below DATABASE_USER as it is more specific. (hba setting should override ALTER USER ... IN DATABASE setting) The first choice seems more logical to me, as that's how pg_hba is usually used, but I thought this could still be confusing.
Commits
-
oauth: Allow validators to register custom HBA options
- b977bd308a09 19 (unreleased) landed
-
Make LOAD of an already-loaded library into a no-op, instead of attempting
- 602a9ef5a7c6 9.0.0 cited