Post Content
Trace the evolution of PostgreSQL authentication. Murat Tuncer (Microsoft) explores this in his talk “From trust to Tokens: A Short History of PostgreSQL Authentication” at POSETTE: An Event for Postgres 2026. Abstract: PostgreSQL offers a surprisingly large number of authentication methods—but most users only encounter one or two of them, often without understanding why they exist.
In this short talk, we take a fast, story-driven tour through the evolution of PostgreSQL authentication. Starting with early Unix-centric assumptions (trust, ident, peer), we move through password authentication, enterprise integrations like LDAP and Kerberos, and end with modern identity driven approaches such as certificate and token-based authentication.
Rather than listing every option, this talk focuses on key inflection points: what problem PostgreSQL was solving at each stage, what trade-offs were made, and how those decisions still affect real world deployments today.
Attendees will leave with a clear mental model of PostgreSQL authentication—enough to choose wisely, avoid common mistakes, and understand where the ecosystem is heading.
Murat Tuncer is a Sr. Software Engineering Manager at Microsoft working on operating and evolving large‑scale managed PostgreSQL services, including Citus Cloud and Azure Cosmos DB for PostgreSQL. His day‑to‑day work focuses on running PostgreSQL reliably in production, handling real‑world operational challenges, and making design trade‑offs at scale. Alongside service operations, Murat has experience developing PostgreSQL extensions and working close to PostgreSQL internals, which gives him a practical perspective on how PostgreSQL features are designed and why they behave the way they do. He enjoys seeing PostgreSQL systems run smoothly in production—and is happiest when they do so quietly, without anyone needing to think about them.
► Video chapters:
⏩ 00:00 – Music & introduction
⏩ 01:00 – The problem in PostgreSQL authentication
⏩ 03:06 – The history of PostgreSQL authentication
⏩ 08:42 – The difficulty of passwords
⏩ 09:48 – Enterprise authentication: LDAP & Kerberos
⏩ 11:32 – Certificate-based authentication
⏩ 14:41 – Token-based authentication in the cloud era
⏩ 16:58 – Choosing an authentication method
⏩ 18:26 – Common mistakes in authentication
⏩ 20:22 – Key takeaways & closing
📕 Everything you need to know about POSETTE: An Event for Postgres can be found at: https://posetteconf.com
✅ Learn more: watch more POSETTE talks: https://aka.ms/posette-playlist
📌 Let’s connect:
LinkedIn: https://www.linkedin.com/company/posetteconf/
X – @PosetteConf, https://x.com/PosetteConf
Mastodon – @posetteconf, https://mastodon.social/@posetteconf
Bluesky – @posetteconf.com, https://aka.ms/posette-on-bluesky
#PosetteConf #PostgreSQL #Security Read More Microsoft Developer
