Re: Password identifiers, protocol aging and SCRAM protocol

From: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
To: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Andres Freund <andres(at)anarazel(dot)de>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, David Steele <david(at)pgmasters(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, David Fetter <david(at)fetter(dot)org>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Julian Markwort <julian(dot)markwort(at)uni-muenster(dot)de>, Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>, Valery Popov <v(dot)popov(at)postgrespro(dot)ru>
Subject: Re: Password identifiers, protocol aging and SCRAM protocol
Date: 2016-12-09 08:11:17
Message-ID: 762f4875-a87e-cf0b-c06b-b357294d8be1@iki.fi
Lists: pgsql-hackers

Couple of things I should write down before I forget:

1. It's a bit cumbersome that the scram verifiers stored in
pg_authid.rolpassword don't have any clear indication that they're scram
verifiers. MD5 hashes are readily identifiable by the "md5" prefix. I
think we should use a "scram-sha-256:" for scram verifiers.

Actually, I think it'd be awfully nice to also prefix plaintext
passwords with "plain:", but I'm not sure it's worth breaking the
compatibility, if there are tools out there that peek into rolpassword.
Thoughts?

2. It's currently not possible to use the plaintext "password"
authentication method, for a user that has a SCRAM verifier in
rolpassword. That seems like an oversight. We can't do MD5
authentication with a SCRAM verifier, but "password" we could.

- Heikki
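Both points above, as an added example that is not code from this thread or from PostgreSQL: classifying a rolpassword value by its prefix, and checking a cleartext password (what the "password" method delivers) against each verifier kind, including a SCRAM verifier via the RFC 5802 StoredKey derivation. The "scram-sha-256:" field layout, the "plain:" prefix and the role name "alice" are assumptions made for the illustration; the md5 form (md5 of password concatenated with role name) is PostgreSQL's real one.

```python
import base64, hashlib, hmac, os

# Assumed layouts for this illustration (the thread had not settled the real one):
#   md5<32 hex>                                          md5(password + rolname), as PostgreSQL does
#   scram-sha-256:<iter>:<salt>:<StoredKey>:<ServerKey>  base64 fields, hypothetical layout
#   plain:<password>                                     hypothetical prefix

def classify(rolpassword):
    """Tell the verifier kind from its prefix, the point of item 1 above."""
    if rolpassword.startswith("scram-sha-256:"):
        return "scram-sha-256"
    if rolpassword.startswith("plain:"):
        return "plain"
    if rolpassword.startswith("md5") and len(rolpassword) == 35:
        return "md5"
    return "unknown"

def scram_keys(password, salt, iterations):
    """RFC 5802: SaltedPassword -> ClientKey -> StoredKey, plus ServerKey."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return stored_key, server_key

def make_scram_verifier(password, salt=None, iterations=4096):
    salt = salt or os.urandom(16)
    stored_key, server_key = scram_keys(password, salt, iterations)
    b64 = lambda b: base64.b64encode(b).decode()
    return f"scram-sha-256:{iterations}:{b64(salt)}:{b64(stored_key)}:{b64(server_key)}"

def make_md5_verifier(password, rolname):
    return "md5" + hashlib.md5((password + rolname).encode()).hexdigest()

def check_plaintext(rolpassword, rolname, password):
    """The 'password' method sends the cleartext, so every verifier kind can
    be checked (item 2 above); only the stored form decides how."""
    kind = classify(rolpassword)
    if kind == "plain":
        return hmac.compare_digest(rolpassword[6:].encode(), password.encode())
    if kind == "md5":
        return hmac.compare_digest(rolpassword, make_md5_verifier(password, rolname))
    if kind == "scram-sha-256":
        _, iters, salt, stored, _ = rolpassword.split(":")
        got, _ = scram_keys(password, base64.b64decode(salt), int(iters))
        return hmac.compare_digest(got, base64.b64decode(stored))
    return False
```

The SCRAM branch only ever recomputes StoredKey from the cleartext, which is why the reverse (MD5 challenge-response against a SCRAM verifier) has nothing to compare against.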
