| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Dmitry Dolgov <9erthalion6(at)gmail(dot)com> |
| Cc: | Valery Popov <v(dot)popov(at)postgrespro(dot)ru>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [REVIEW]: Password identifiers, protocol aging and SCRAM protocol |
| Date: | 2016-03-02 06:52:20 |
| Message-ID: | CAB7nPqQtCTtNokP==Zfi7HzZK0fVLTR=f1OspnuDX_d--T4fmQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Mar 2, 2016 at 4:05 AM, Dmitry Dolgov <9erthalion6(at)gmail(dot)com> wrote:
> [...]
Thanks for the review.
> The default value contains "scram". Shouldn't be here also:
>
>> Specifies a comma-separated list of supported password formats by
>> the server. Supported formats are currently <literal>plain</>,
>> <literal>md5</> and <literal>scram</>.
>
> Or I missed something?
Ah, I see. That's in the documentation of password_protocols. Yes
scram should be listed there as well. That should be fixed in 0009.
>> <para>
>> <varname>db_user_namespace</> causes the client's and
>> server's user name representation to differ.
>> Authentication checks are always done with the server's user name
>> so authentication methods must be configured for the
>> server's user name, not the client's. Because
>> <literal>md5</> uses the user name as salt on both the
>> client and server, <literal>md5</> cannot be used with
>> <varname>db_user_namespace</>.
>> </para>
>
> Looks like the same (pls, correct me if I'm wrong) is applicable for "scram"
> as I see from the code below. Shouldn't be "scram" mentioned here also?
Oops. Good catch. Yes it should be mentioned as part of the SCRAM patch (0009).
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Craig Ringer | 2016-03-02 07:05:30 | Re: [PATCH] Logical decoding support for sequence advances |
| Previous Message | David Fetter | 2016-03-02 06:49:26 | Re: 2016-03 Commitfest Manager |