On 17.02.22 20:25, samay sharma wrote:
A use case where this is useful are environments where you want authentication to be centrally managed across different services. This is a common deployment model for cloud providers where customers like to use single sign on and authenticate across different services including Postgres. Implementing this now is tricky as it requires syncing that authentication method's credentials with Postgres (and that gets trickier with TTL/expiry etc.). With these hooks, you can implement an extension to check credentials directly using the authentication provider's APIs.
We already have a variety of authentication mechanisms that support central management: LDAP, PAM, Kerberos, Radius. What other mechanisms are people thinking about implementing using these hooks? Maybe there are a bunch of them, in which case a hook system might be sensible, but if there are only one or two plausible ones, we could also just make them built in.
