Re: scram and \password

From: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jeff Janes <jeff(dot)janes(at)gmail(dot)com>
Cc: Joe Conway <mail(at)joeconway(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: scram and \password
Date: 2017-03-16 13:52:45
Message-ID: a8b0d5cb-35d4-d686-3fae-f743659ae346@iki.fi
Views: Raw Message | Whole Thread | Download mbox
Thread:
Lists: pgsql-hackers

On 03/14/2017 11:14 PM, Tom Lane wrote:
> In short, I don't think that argument refutes my position that "md5"
> in pg_hba.conf should be understood as allowing SCRAM passwords too.

Yeah, let's do that. Here's a patch.

I had some terminology trouble with the docs. What do you call a user
that has "md5XXXXX" in pgauthid.rolpassword? What about someone with a
SCRAM verifier? I used the terms "those users that have an MD5 hash set
in the system catalog", and "users that have set their password as a
SCRAM verifier", but it feels awkward.

The behavior when a user doesn't exist, or doesn't have a valid
password, is a bit subtle. Previously, with 'md5' authentication, we
would send the client an MD5 challenge, and fail with "invalid password"
error after receiving the response. And with 'scram' authentication, we
would perform a dummy authentication exchange, with a made-up salt. This
is to avoid revealing to an unauthenticated client whether or not the
user existed.

With this patch, the dummy authentication logic for 'md5' is a bit more
complicated. I made it look at the password_encryption GUC, and send the
client a dummy MD5 or SCRAM challenge based on that. The idea is that
most users presumably have a password of that type, so we use that
method for the dummy authentication, to make it look as "normal" as
possible. It's not perfect, if password_encryption is set to 'scram',
and you probe for a user that has an MD5 password set, you can tell that
it's a valid user from the fact that the server sends an MD5 challenge.

In practice, I'm not sure how good this dummy authentication thing
really is anyway. Even on older versions, I'd wager a guess that if you
tried hard enough, you could tell if a user exists or not based on
timing, for example. So I think this is good enough. But it's worth
noting and discussing.

- Heikki

Attachment Content-Type Size
0001-Allow-SCRAM-authentication-when-pg_hba.conf-says-md5.patch text/plain 24.2 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2017-03-16 14:17:45 Re: [PATCH] Suppress Clang 3.9 warnings
Previous Message Daniel Verite 2017-03-16 13:37:03 Re: PATCH: Batch/pipelining support for libpq