From: | Valery Popov <v(dot)popov(at)postgrespro(dot)ru> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org, Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
Subject: | Re: [REVIEW]: Password identifiers, protocol aging and SCRAM protocol |
Date: | 2016-02-29 11:43:11 |
Message-ID: | 56D42ECF.2060501@postgrespro.ru |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi, Michael
>>>
>>>
>>> 23.02.2016 10:17, Michael Paquier пишет:
>>>> Attached is a set of patches implementing a couple of things that have
>>>> been discussed, so let's roll in.
>>>>
>>>> Those 4 patches are aimed at putting in-core basics for the concept I
>>>> call password protocol aging, which is a way to allow multiple
>>>> password protocols to be defined in Postgres, and aimed at easing
>>>> administration as well as retirement of outdated protocols, which is
>>>> something that is not doable now in Postgres.
>>>>
>>>> The second set of patch 0005~0008 introduces a new protocol, SCRAM.
>>>> 9) 0009 is the SCRAM authentication itself....
>>> The theme with password checking is interesting for me, and I can give
>>> review for CF for some features.
>>> I think that review of all suggested features will require a lot of
>>> time.
>>> Is it possible to make subset of patches concerning only password
>>> strength
>>> and its aging?
>>> The patches you have applied are non-independent. They should be apply
>>> consequentially one by one.
>>> Thus the patch 0009 can't be applied without git error before 0001.
>>> In this conditions all patches were successfully applied and compiled.
>>> All tests successfully passed.
>> If you want to focus on the password protocol aging, you could just
>> have a look at 0001~0004.
> OK, I will review patches 0001-0004, for starting.
>
Below are the results of compiling and testing.
============================
I've got the last version of sources from
git://git.postgresql.org/git/postgresql.git.
vpopov(at)vpopov-Ubuntu:~/Projects/pwdtest/postgresql$ git branch
* master
Then I've applied patches 0001-0004 with two warnings:
vpopov(at)vpopov-Ubuntu:~/Projects/pwdtest/postgresql$ git apply
0001-Add-facility-to-store-multiple-password-verifiers.patch
0001-Add-facility-to-store-multiple-password-verifiers.patch:2547:
trailing whitespace.
warning: 1 line adds whitespace errors.
vpopov(at)vpopov-Ubuntu:~/Projects/pwdtest/postgresql$ git apply
0002-Introduce-password_protocols.patch
vpopov(at)vpopov-Ubuntu:~/Projects/pwdtest/postgresql$ git apply
0003-Add-pg_auth_verifiers_sanitize.patch
0003-Add-pg_auth_verifiers_sanitize.patch:87: indent with spaces.
if (!superuser())
warning: 1 line adds whitespace errors.
vpopov(at)vpopov-Ubuntu:~/Projects/pwdtest/postgresql$ git apply
0004-Remove-password-verifiers-for-unsupported-protocols-.patch
The compilation with option ./configure --enable-debug --enable-nls
--enable-cassert --enable-tap-tests --with-perl
was successful.
Regression tests and all TAP-tests also passed successfully.
Also I've applied patches 0005-0008 into clean sources directory with no
warnings.
vpopov(at)vpopov-Ubuntu:~/Projects/pwdtest2/postgresql$ git apply
0005-Move-sha1.c-to-src-common.patch
vpopov(at)vpopov-Ubuntu:~/Projects/pwdtest2/postgresql$ git apply
0006-Refactor-sendAuthRequest.patch
vpopov(at)vpopov-Ubuntu:~/Projects/pwdtest2/postgresql$ git apply
0007-Refactor-RandomSalt-to-handle-salts-of-different-len.patch
vpopov(at)vpopov-Ubuntu:~/Projects/pwdtest2/postgresql$ git apply
0008-Move-encoding-routines-to-src-common.patch
The compilation with option ./configure --enable-debug --enable-nls
--enable-cassert --enable-tap-tests --with-perl
was successful.
Regression and the TAP-tests also passed successfully.
The patch 0009 depends on all previous patches 0001-0008: first we need
to apply patches 0001-0008, then 0009.
Then, all patches were successfully compiled.
All test passed.
--
Regards,
Valery Popov
Postgres Professional http://www.postgrespro.com
The Russian Postgres Company
From | Date | Subject | |
---|---|---|---|
Next Message | salvador fandino | 2016-02-29 11:44:38 | Compilation broken when OPTIMIZER_DEBUG is set |
Previous Message | Michael Paquier | 2016-02-29 11:38:22 | Re: Proposal: "Causal reads" mode for load balancing reads without stale data |