On Mon, Aug 10, 2015 at 6:05 AM, Stephen Frost <sfr...@snowman.net> wrote: > * Sehrope Sarkuni (sehr...@jackdb.com) wrote: >> It'd be nice if the new auth mechanism supports multiple passwords in the >> same format as well (not just one per format). >> >> That way you could have two different passwords for a user that are active >> at the same time. This would simplify rolling database credentials as it >> wouldn't have to be done all at once. You could add the new credentials, >> update your app servers one by one, then disable the old ones. >> >> A lot of systems that use API keys let you see the last time a particular >> set of keys was used. This helps answer the "Is this going to break >> something if I disable it?" question. Having a last used at timestamp for >> each auth mechanism (per user) would be useful. > > Excellent points and +1 to all of these ideas from me.
Interesting. I haven't thought of that and those are nice suggestions. I am not convinced that this is something to tackle with a first version of the patch though, I am sure we'll have enough problems to deal with to get out a nice base usable for future improvements as well. -- Michael -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
