| From: | Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp> |
|---|---|
| To: | euler(at)timbira(dot)com(dot)br |
| Cc: | ishii(at)sraoss(dot)co(dot)jp, david(at)fetter(dot)org, tgl(at)sss(dot)pgh(dot)pa(dot)us, peter(dot)eisentraut(at)2ndquadrant(dot)com, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: change password_encryption default to scram-sha-256? |
| Date: | 2019-04-09 00:35:10 |
| Message-ID: | 20190409.093510.1411631395196755780.t-ishii@sraoss.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>> I am not sure all third party programs concerning scram-sha-256 are
>> listed on this. There are some programs that talk to PostgreSQL using
>> frontend/backend protocol, but not based on libpq or other native
>> drivers (for example Pgpool-II). I guess PgBouncer is in the same
>> category too.
>>
> ... and pgbouncer doesn't support scram-sha-256 authentication method.
> There is a bit-rot PR but the discussion died a while ago. It is
> widely used and it would be really sad to turn on SCRAM on v13 without
> pgbouncer SCRAM support.
I don't how hard it would be for pgbouncer to support scram-sha-256,
but it was pretty hard for Pgpool-II to support scram-sha-256. In case
of Pgpool-II (it starts to support it since 4.0), it needed to keep
clients' password lists.
http://www.pgpool.net/docs/latest/en/html/auth-methods.html#AUTH-SCRAM
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2019-04-09 00:45:33 | Re: Sparse bit set data structure |
| Previous Message | Ashwin Agrawal | 2019-04-09 00:27:05 | Zedstore - compressed in-core columnar storage |