Re: change password_encryption default to scram-sha-256?

From: Tatsuo Ishii <ishii(at)sraoss(dot)co(dot)jp>
To: euler(at)timbira(dot)com(dot)br
Cc: ishii(at)sraoss(dot)co(dot)jp, david(at)fetter(dot)org, tgl(at)sss(dot)pgh(dot)pa(dot)us, peter(dot)eisentraut(at)2ndquadrant(dot)com, pgsql-hackers(at)postgresql(dot)org
Subject: Re: change password_encryption default to scram-sha-256?
Date: 2019-04-09 00:35:10
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

>> I am not sure all third party programs concerning scram-sha-256 are
>> listed on this. There are some programs that talk to PostgreSQL using
>> frontend/backend protocol, but not based on libpq or other native
>> drivers (for example Pgpool-II). I guess PgBouncer is in the same
>> category too.
> ... and pgbouncer doesn't support scram-sha-256 authentication method.
> There is a bit-rot PR but the discussion died a while ago. It is
> widely used and it would be really sad to turn on SCRAM on v13 without
> pgbouncer SCRAM support.

I don't how hard it would be for pgbouncer to support scram-sha-256,
but it was pretty hard for Pgpool-II to support scram-sha-256. In case
of Pgpool-II (it starts to support it since 4.0), it needed to keep
clients' password lists.

Best regards,
Tatsuo Ishii
SRA OSS, Inc. Japan

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Alvaro Herrera 2019-04-09 00:45:33 Re: Sparse bit set data structure
Previous Message Ashwin Agrawal 2019-04-09 00:27:05 Zedstore - compressed in-core columnar storage