Dave Page <dpage@pgadmin.org> writes:
> On Wed, Oct 14, 2009 at 7:42 PM, Greg Stark <gsstark@mit.edu> wrote:
>> This whole discussion seems very strange to me. Surely any
>> organization with rules like this will want them to be system-wide and
>> will have already implemented them in their PAM and LDAP systems
>> (assuming their not using Kerberos or something like that anyways).
> Because like it or not, this 'feature' is one that people *are*
> looking for in early stages of evaluations, and it counts against us
> and can hurt our adoption when we can't tick that box.
Okay, fine, so we're not looking for actual high-grade security,
we're looking to tick off a checkbox in the minds of not terribly
well-informed people. Then the plugin mechanism as currently proposed
will do the job just fine. We do not need to put a whole bunch of
dubious extra infrastructure in there, and we DEFINITELY do not need
anything that can be painted as a backwards step security-wise.
regards, tom lane