On Dec 19, 2014 5:02 PM, "Craig Ringer" <cr...@2ndquadrant.com> wrote: > > On 12/19/2014 11:57 PM, Dave Page wrote: > > Right - we'd have to store the entries somewhere based on the target > > server and the SSH config, and dynamically rebuilt the pgpass file > > during the connection process. That seems a) ugly and b) very fragile. > > Darn. I thought libpq had a callback for a password prompt, but it doesn't. > > Guess we should add that. If libpq gets an auth request from the server > and has no password from the connection string, it should invoke a > callback (if supplied) that lets the client supply a password dynamically. >
We definitely should. And we should make sure we design it not to just support passwords but anything we might need to unlock an authentication - say a x509 certificate (doesn't have to be the same function, but it should be part of the design considerations for the feature). /Magnus
