Hi guys,
I am new to PostgreSQL, so sorry for maybe stupid question. I am working on some application implementing Frontend/Backend PG protocol and one of the goals - having only "admin" users credentials (like postgres user) be able to retrieve enough information from PG server (for example, from pg_authid table) to perform authentication for any user created in PG (without any user interaction, so we don't know the user's password).
It is fine for plain text or md5 authentication types, but it looks impossible for scram-sha-256, since looking at the RFC 5802 and libpq source code, the information presented in pg_authid (SCRAM-SHA-256$<iteration count>: <salt>$<StoredKey>:<ServerKey>) is enough only to perform server side authentication for external client and not enough to authenticate on the PG as a client. This actually sounds logically and reasonable in terms of infosec, so could you please that it is not possible or maybe there is any way to achieve that?
Thanks in advance,
Vladimir
