> Would others be interested in adding support for FIDO2 as a new SASL
> authentication mechanism?

Me definitely, I was also thinking about the same thing. For context, I did implement fido authentication for Percona Server for MySQL. But as far as I know, SASL only has drafts[1][2] about fido, not accepted RFCs.

This is also related to why I asked about generic (not oauth related) authentication plugins on the list a few days ago[3], one of the things I was thinking about was fido/webauthn.

> Add "fido2" to pg_hba.conf:
>
> hostssl all all 0.0.0.0/0 fido2
> hostssl all all ::/0 fido2

It would be really good to implement MFA properly (allowing users to configure password + fido requirement for login), but that would also require changes in pg_hba processing.

[1]: https://www.ietf.org/archive/id/draft-bucksch-sasl-passkey-00.html
[2]: https://www.ietf.org/archive/id/draft-ietf-kitten-scram-2fa-05.html
[3]: https://www.postgresql.org/message-id/CAN4CZFN%3D5%3DdWvY%3DYAPeF4PVOMtR5U6jMLc2kCSHdO0EhejPp%2BQ%40mail.gmail.com
