Greetings, * Craig Ringer (cr...@2ndquadrant.com) wrote: > On 26 March 2018 at 21:05, Damir Simunic <damir.simu...@wa-research.ch> > wrote: > > The same goes for the ‘authorization’ header. Postgres does not support > > Bearer token authorization today. But maybe you’ll be able to define a > > function that knows how to deal with the token, and somehow signal to > > Postgres that you want it to call this function when it sees such a header. > > Or maybe someone wrote a plugin that does that, and you configure your > > server to use it. > > You've consistently ignored my comments re authentication and authorization. > > How would a multi-step handshake authentication like GSSAPI or SSPI be > implemented with HTTP2? Efficiently?
I've been trying to avoid this thread, but I'll throw in that the way GSSAPI is handled on the web today is through SPNEGO: https://en.wikipedia.org/wiki/SPNEGO Would be great to get pgAdmin4 to work under a webserver which is performing SPNEGO and Kerberos delegation to allow user who are authenticated to the web server to let the web server proxy those credentials to allow connecting to PG, and, independently, for credentials to be able to be delegated to PG which can be used for connections to other services via FDWs. All of that is largely independent of http2, of course. Thanks! Stephen
signature.asc
Description: PGP signature