Hi, I think I should add my two cents.
On Mon, 20 Jan 2020 at 20:38, Tom Lane <t...@sss.pgh.pa.us> wrote: > > > I found another place that assumes 100 bytes and upped it to 2048. There one more place, in the code which is parsing .pgpass > > So this is pretty much exactly what I expected. And have you tried > it with e.g. PAM, or LDAP? > > I think the AWS guys are fools to imagine that this will work in very > many places, and I don't see why we should be leading the charge to > make it work for them. What's the point of having a huge amount of > data in a password, anyway? We at Zalando are using JWT tokens as passwords. JWT tokens are self-contained and therefore quite huge (up to 700-800 bytes in our case). Tokens have a limited lifetime (1 hour) and we are using PAM to verify them. Altogether the whole thing works like a charm. The only problem that it is not possible to copy&paste the token into psql password prompt, but there is a workaround, export PGPASSWORD=verylongtokenstring && psql JWT: https://jwt.io/ PAM module to verify OAuth tokens: https://github.com/CyberDem0n/pam-oauth2 Regards, -- Alexander Kukushkin