Re: Amazon RDS auth tokens in .pgpass

On Mon, Aug 31, 2020 at 2:04 PM Tom Lane <tgl@xxxxxxxxxxxxx> wrote:
> Looking at the source code, there's a hard-wired restriction that lines of
> .pgpass can't be more than 320 characters long (well, NAMEDATALEN*5, but
> very few builds don't have NAMEDATALEN=64).  I see that somebody very
> recently added code to make libpq print a warning for overlength lines,
> but I wonder why they didn't just, um, remove the restriction.  We had
> not previously heard of a use-case for passwords with hundreds of
> characters in them, but I guess we need to cope.

Just FYI, the auth tokens generated by Amazon RDS appear to be 796 bytes long.

```
$ aws rds generate-db-auth-token --hostname "some-host.us-east-1.rds.amazonaws.com" --port 5432 --region us-east-1 --username someuser | wc -c
     796
```

> If you're in a position to rebuild libpq, could you check that changing
> LINELEN in fe-connect.c to something large enough (like 1K) fixes your
> problem?  While that's clearly one issue, it'd be good to verify that
> there's not another one lurking behind it.

I'm not in an easy position to do that (having not contributed code to the project before), but I'd be happy to provide more information about my use case or about how IAM-based authentication works as it relates to Postgres.
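
Added example (not part of the original message and not libpq code): a small audit script that flags `.pgpass` entries too long for the 320-character line limit discussed in this thread, reporting only the password length and never the secret. The parser, the function names, the two bytes reserved for newline and terminator, and the sample file contents are assumptions made for illustration.

```python
PGPASS_LINE_LIMIT = 320  # NAMEDATALEN*5 with NAMEDATALEN=64, as stated in the thread


def split_pgpass_fields(line):
    """Split host:port:database:user:password, honouring backslash escapes."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])  # escaped character is taken literally
            i += 2
            continue
        if ch == ":" and len(fields) < 4:
            fields.append("".join(cur))  # first four colons end a field
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields


def find_overlength_entries(text, limit=PGPASS_LINE_LIMIT):
    """Return entries whose line would not fit a `limit`-byte line buffer."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        line_bytes = len(raw.encode("utf-8"))
        # Assumption: the buffer must also hold the newline and a terminator.
        if line_bytes + 2 <= limit:
            continue
        host, port, db, user, password = (split_pgpass_fields(raw) + [""] * 4)[:5]
        findings.append({"line": lineno, "host": host, "port": port,
                         "database": db, "user": user,
                         "line_bytes": line_bytes,
                         "password_chars": len(password)})  # length only, never the secret
    return findings


# Constructed sample: the long password is a stand-in, not a real token.
SAMPLE = "\n".join([
    "# constructed sample, not real credentials",
    "localhost:5432:appdb:appuser:short-password",
    "some-host.us-east-1.rds.amazonaws.com:5432:appdb:someuser:" + "x" * 796,
])

if __name__ == "__main__":
    for f in find_overlength_entries(SAMPLE):
        print(f)
```
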
