On 04/06/2017 11:05 PM, Tom Lane wrote:
Perhaps we could turn this around: have the client send (in the connection request packet) a list of auth protocols it thinks it is able to handle. (I'm envisioning this as being more or less fixed for any one version of any one client, since it would basically mean "I have code to do X, Y, or Z".) Then the server can pick one that is allowed by pg_hba.conf, or it can just ignore the list and send what it wants anyway, probably leading to client disconnect.
That list of supported authentication methods would need to be included in the startup message. Unfortunately, there is no way to add options to the startup message, without breaking compatibility with old servers. If there is an option in the startup message that the server doesn't understand, it will treat it as a GUC, and you get an "unrecognized configuration parameter" after authentication.
It would be nice to change that, so that the server would ignore parameters that it doesn't understand that begin with "optional_" prefix, for example. But it won't help us right now.
- Heikki -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
