On Wed, Dec 4, 2024 at 3:05 PM Jelte Fennema-Nio <postg...@jeltef.nl> wrote: > I only see advantages over the > alternative, which is copying the plaintext password around. In case > of compromise of the server, only the salt+verifier has to be rotated, > not the actual user password.
Sure, I'm not saying it's worse than plaintext. But a third alternative might be actual pass-through SCRAM [1], where either you expect the two servers to share a certificate fingerprint, or explicitly disable channel bindings on the second authentication pass in order to allow the MITM. (Or, throwing spaghetti, maybe even have the primary server communicate the backend cert so you can verify it and use it in the binding?) All that is a metric ton more work and analysis, though. --Jacob [1] https://www.postgresql.org/message-id/9129a012-0415-947e-a68e-59d423071525%40timescale.com
