Re: Password identifiers, protocol aging and SCRAM protocol

Hi, Michael

23.02.2016 10:17, Michael Paquier пишет:
> Attached is a set of patches implementing a couple of things that have
> been discussed, so let's roll in.
>
> Those 4 patches are aimed at putting in-core basics for the concept I
> call password protocol aging, which is a way to allow multiple
> password protocols to be defined in Postgres, and aimed at easing
> administration as well as retirement of outdated protocols, which is
> something that is not doable now in Postgres.
>
> The second set of patch 0005~0008 introduces a new protocol, SCRAM.
> 9) 0009 is the SCRAM authentication itself....
The theme with password checking is interesting for me, and I can give
review for CF for some features.
I think that review of all suggested features will require a lot of time.
Is it possible to make subset of patches concerning only password
strength and its aging?
The patches you have applied are non-independent. They should be apply
consequentially one by one.
Thus the patch 0009 can't be applied without git error before 0001.
In this conditions all patches were successfully applied and compiled.
All tests successfully passed.
> The first 4 patches obviously are the core portion that I would like
> to discuss about in this CF, as they put in the base for the rest, and
> will surely help Postgres long-term. 0005~0008 are just refactoring
> patches, so they are quite simple. 0009 though is quite difficult, and
> needs careful review because it manipulates areas of the code where it
> is not necessary to be an authenticated user, so if there are bugs in
> it it would be possible for example to crash down Postgres just by
> sending authentication requests.
>
--
Regards,
Valery Popov
Postgres Professional http://www.postgrespro.com
The Russian Postgres Company