On Wed, 4 Dec 2024 at 23:11, Jacob Champion <jacob.champ...@enterprisedb.com> wrote: > It makes me a little uneasy to give users a reason to copy identical > salts/verifiers around... But for e.g. a loopback connection, it seems > like there'd be no additional risk. Is that the target use case?
I don't think that necessarily has to be the usecase, clustering/sharding setups could benefit from this too. PgBouncer supports the same functionality[1]. I only see advantages over the alternative, which is copying the plaintext password around. In case of compromise of the server, only the salt+verifier has to be rotated, not the actual user password. Regarding the actual patch: This definitely needs a bunch of documentation explaining how to use this and when not to use this.
