Peter Eisentraut <peter_e@gmx.net> writes:
> On 2/10/15 8:28 PM, Robert Haas wrote:
>> I don't actually care which algorithm we use, and I dowannahafta care.
>> What I do want to do is provide a framework so that, when somebody
>> discovers that X is better than Y because Z, somebody who knows about
>> cryptography and not much about PostgreSQL ca add support for X in a
>> relatively small number of lines of code.
> sounds like SASL
Sounds like pie in the sky really :-(. We could make the server turn on
a dime perhaps, but the client-side population will not come along nearly
that quickly, nor with small effort. Stored passwords won't migrate to a
new scheme transparently either.
I think it's probably reasonable to think about a more modern password
auth method, but not to imagine that it will be pluggable or that the
adoption time for any revision will be less than years long.
regards, tom lane