Re: SCRAM auth and Pgpool-II

From: Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp>
To: michael(dot)paquier(at)gmail(dot)com
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: SCRAM auth and Pgpool-II
Date: 2017-07-06 01:40:38
Message-ID: 20170706.104038.1681560593317983418.t-ishii@sraoss.co.jp
Lists: pgsql-hackers

Michael,

> Couldn't you cache one single SASL exchange status for each
> connection, meaning one PGconn saved for each? As the challenge sent
> by the server and the response generated by the client are different
> by design, I am afraid you would need to do that anyway in this
> context (Isn't PG-pool already using the weaknesses of MD5 to make
> things easier?). As the server decides first which authentication type
> should happen before beginning the real message exchange, that should
> not be difficult. It seems to me that you would need something more
> modular than you have now if you want, for example, to automatically
> handle connections to multiple servers that have different
> password hashes stored for the same user. The latter may be an edge
> case with pgpool though.

Thank you for the quick response. I will study your suggestion along
with the SCRAM code in PostgreSQL to see whether it could be possible in
Pgpool-II.

Regarding your question on md5 auth handling in Pgpool-II, please look
into:

https://pgpool.net/mediawiki/index.php/FAQ#How_does_pgpool-II_handle_md5_authentication.3F

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
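
The contrast drawn in the quoted reply, as an added example that is not part of the original message and is not Pgpool-II or PostgreSQL code: with md5 the stored hash alone answers any backend's salt, while a SCRAM-SHA-256 proof (RFC 5802 / RFC 7677) is bound to one exchange's nonces, so each backend connection needs its own exchange state. The user name, password, salts and nonces are constructed sample values, and `demo` and the helper names are hypothetical.

```python
import base64, hashlib, hmac

def md5_stored(user, password):
    # pg_authid value for md5 auth: "md5" + md5(password || username)
    return "md5" + hashlib.md5((password + user).encode()).hexdigest()

def md5_response(stored, salt):
    # Reply to the 4-byte salt challenge, derived from the stored hash alone
    return "md5" + hashlib.md5(stored[3:].encode() + salt).hexdigest()

def scram_keys(password, salt, iters=4096):
    # RFC 5802 key derivation with SHA-256 (RFC 7677)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    return client_key, hashlib.sha256(client_key).digest()  # (ClientKey, StoredKey)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def auth_message(cnonce, snonce, salt, iters=4096):
    # client-first-bare "," server-first "," client-final-without-proof
    r, s = cnonce + snonce, base64.b64encode(salt).decode()
    return f"n=,r={cnonce},r={r},s={s},i={iters},c=biws,r={r}".encode()

def scram_proof(client_key, stored_key, msg):
    return xor(client_key, hmac.new(stored_key, msg, hashlib.sha256).digest())

def scram_verify(stored_key, msg, proof):
    # Server side: recover ClientKey from the proof, compare H(ClientKey)
    client_key = xor(proof, hmac.new(stored_key, msg, hashlib.sha256).digest())
    return hmac.compare_digest(hashlib.sha256(client_key).digest(), stored_key)

def demo():
    user, pw = "app", "constructed-password"   # constructed sample values
    stored = md5_stored(user, pw)
    salts = (b"\x01\x02\x03\x04", b"\xaa\xbb\xcc\xdd")  # two backends' md5 salts
    salt = b"constructed-salt"
    ck, sk = scram_keys(pw, salt)
    msg_a = auth_message("clientnonceA", "servernonce1", salt)  # exchange with backend 1
    msg_b = auth_message("clientnonceA", "servernonce2", salt)  # backend 2, new nonce
    proof_a = scram_proof(ck, sk, msg_a)
    return {
        "md5": [md5_response(stored, s) for s in salts],
        "scram_same_exchange": scram_verify(sk, msg_a, proof_a),
        "scram_other_backend": scram_verify(sk, msg_b, proof_a),
        # StoredKey (the server-side verifier) cannot stand in for ClientKey
        "scram_from_verifier_only": scram_verify(sk, msg_a, scram_proof(sk, sk, msg_a)),
    }
```
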
