On 02/11/2015 07:54 AM, José Luis Tallón wrote:
>
> On 02/11/2015 04:40 PM, Tom Lane wrote:
>> José Luis Tallón <jltallon@adv-solutions.net> writes:
>>> In any case, just storing the "password BLOB"(text or base64 encoded)
>>> along with a mechanism identifier would go a long way towards making
>>> this part pluggable... just like we do with LDAP/RADIUS/Kerberos/PAM
>>> today.
>> That's exactly the direction we must NOT go.
From a practitioners and one step at a time perspective, why don't we
just offer SHA-2 as an alternative to MD5?
As a longer term approach, it seems something like key based auth (ala
SSH) which proved popular when I brought it up before seems like a
reasonable solution.
Sincerely,
Joshua D. Drake
--
Command Prompt, Inc. - http://www.commandprompt.com/ 503-667-4564
PostgreSQL Support, Training, Professional Services and Development
High Availability, Oracle Conversion, @cmdpromptinc
"If we send our children to Caesar for their education, we should not be surprised when they come back as
Romans."