From trust to Tokens: A Short History of PostgreSQL Authentication | POSETTE 2026
Murat Tuncer walks through how PostgreSQL authentication evolved from early trust-based local setups to modern certificate and token-based approaches, explaining why each method exists, what trade-offs it made, and the common mistakes teams still run into when choosing auth for production deployments.
Overview
This POSETTE 2026 talk gives a story-driven tour of PostgreSQL authentication methods, focusing on the key inflection points that shaped today’s options and how those historical decisions still show up in real-world deployments.
What the talk covers
The core problem PostgreSQL authentication is trying to solve
- PostgreSQL supports many authentication methods, but most teams only use one or two.
- The talk frames the variety as a result of PostgreSQL adapting to different environments over time (local Unix systems, enterprise identity, and cloud-era identity).
Early Unix-centric assumptions
The presenter starts with early approaches that fit local, Unix-style deployments:
- trust
- ident
- peer
These methods reflect assumptions about local users and host trust boundaries that don’t always hold in modern distributed systems.
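An added example, not material from the talk: a small Python check over a `pg_hba.conf` that flags rules where `trust`, `ident` or `peer` are used outside the local-host assumptions described above. The sample file is constructed, and `parse_hba`, `audit` and `REASONS` are names chosen here for illustration.

```python
import ipaddress
import shlex

NETWORK_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample pg_hba.conf (not from the talk).
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS  METHOD
local   all  postgres                peer
local   all  all                     trust
host    all  all   127.0.0.1/32      scram-sha-256
host    app  app   10.0.0.0/8        trust
host    all  all   192.168.1.0 255.255.255.0  ident
hostssl all  all   0.0.0.0/0         cert
"""

def parse_hba(text):
    """Return (lineno, conn_type, address, method) for every rule line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # honours quotes and '#'
        if not fields or fields[0] not in NETWORK_TYPES | {"local"}:
            continue  # blank line, comment or include directive
        local = fields[0] == "local"
        address, rest = (None, fields[3:]) if local else (" ".join(fields[3:4]), fields[4:])
        if not local and rest:
            try:  # older form: separate IP-address and IP-mask columns
                ipaddress.ip_address(rest[0])
                address, rest = f"{address} {rest[0]}", rest[1:]
            except ValueError:
                pass
        if rest:
            rules.append((lineno, fields[0], address, rest[0]))
    return rules

# Keyed by (method, rule is a network rule); other combinations are not flagged.
REASONS = {
    ("trust", True): "no credential is checked for any client the rule matches",
    ("trust", False): "any OS user who can reach the socket connects as any matching role",
    ("ident", True): "identity is whatever the client host's ident server reports",
    ("peer", True): "peer is only supported on local socket connections",
}

def audit(text):
    """Flag trust, ident and peer where the local-host assumption fails."""
    return [(n, ctype, method, REASONS[(method, ctype in NETWORK_TYPES)])
            for n, ctype, _addr, method in parse_hba(text)
            if (method, ctype in NETWORK_TYPES) in REASONS]
```

Running `audit(SAMPLE)` reports the `trust` rules on lines 3 and 5 and the `ident` rule on line 6 of the sample.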
Password authentication and its trade-offs
- The talk covers the move toward password-based authentication as deployments expanded beyond purely local assumptions.
- It highlights why passwords are difficult to get right operationally and securely.
Enterprise authentication integrations
As PostgreSQL became common in larger organizations, it gained integrations that fit enterprise identity systems:
- LDAP
- Kerberos
The talk focuses on why these options exist and what problems they were intended to solve.
Certificate-based authentication
- The presenter covers certificate-based approaches as another step in the evolution toward stronger identity and transport security.
Token-based authentication in the cloud era
- The talk ends with modern, identity-driven approaches, including token-based authentication, and how cloud environments push authentication in this direction.
Practical guidance
Choosing an authentication method
- The talk aims to leave viewers with a mental model for selecting an authentication method based on the environment and constraints, rather than defaulting to whatever is most familiar.
Common mistakes
- The presenter calls out common pitfalls teams run into when configuring or selecting PostgreSQL authentication methods, especially when older assumptions are applied to modern deployments.
Links
- POSETTE conference site: https://posetteconf.com
- POSETTE talks playlist: https://aka.ms/posette-playlist