From: Álvaro Hernández Tortosa <aht(at)8kdata(dot)com>
To: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Cc: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Simon Riggs <simon(at)2ndquadrant(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Letting the client choose the protocol to use during a SASL exchange
Date: 2017-04-13 11:36:49
Message-ID: e13c552c-a1a1-cc38-5a49-7d1f3467473c@8kdata.com
Lists: pgsql-hackers
On 13/04/17 04:54, Michael Paquier wrote:
> On Thu, Apr 13, 2017 at 6:37 AM, Álvaro Hernández Tortosa
> <aht(at)8kdata(dot)com> wrote:
>> By looking at them, and unless I'm missing something, I don't see
>> how the extra information for the future implementation of channel binding
>> would be added (without changing the protocol). The relevant part is:
>>
>> The message body is a list of SASL authentication mechanisms, in the
>> server's order of preference. A zero byte is required as terminator after
>> the last authentication mechanism name. For each mechanism, there is the
>> following:
>> <variablelist>
>> <varlistentry>
>> <term>
>> String
>> </term>
>> <listitem>
>> <para>
>> Name of a SASL authentication mechanism.
>> </para>
>> </listitem>
>> </varlistentry>
>> </variablelist>
>> How do you plan to implement it, in future versions, without modifying
>> the AuthenticationSASL message? Or is it OK to add new fields to a message
>> in future PostgreSQL versions, without considering that a protocol change?
> I don't quite understand the complaint here; it is perfectly fine to
> add as many null-terminated names as you want with this model. The
> patches would make the server just send one mechanism name now, but
> nothing prevents the addition of more.
I think I explained this in my previous reply, but just in case: there
are two lists here: SCRAM mechanisms and channel binding mechanisms. They
are orthogonal; you could pick them separately (only with the -PLUS
variants, of course). Both lists (the SCRAM mechanisms and the channel binding
mechanisms) have to be advertised by the server.
Álvaro
--
Álvaro Hernández Tortosa
-----------
<8K>data
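As an added illustration of the message format quoted above (example code written for this page, not part of the patches under discussion or of PostgreSQL itself): the AuthenticationSASL body is a sequence of NUL-terminated mechanism names in the server's order of preference, closed by one extra zero byte. The encoder and decoder below follow exactly that description; the client-side selection rule (first server-preferred mechanism the client supports, with -PLUS variants eligible only when the client actually has channel binding data) is an assumption of this example, as is treating an empty list as an error. The mechanism names are the standard SASL names from RFC 5802 and RFC 7677. Note that this single list carries only SASL mechanism names; the second, orthogonal list of channel binding types that the reply above asks about has no place in this encoding, which is precisely the point being made.

```python
# Example code added for this page; not the patch's or PostgreSQL's own implementation.

# Standard SASL mechanism names (RFC 5802 / RFC 7677); used as constructed sample input.
SCRAM_SHA_256 = "SCRAM-SHA-256"
SCRAM_SHA_256_PLUS = "SCRAM-SHA-256-PLUS"


def build_sasl_body(mechanisms):
    """Encode the AuthenticationSASL body as described in the quoted docs:
    one NUL-terminated name per mechanism, in server preference order,
    followed by a single zero byte that terminates the list."""
    if not mechanisms:
        # Assumption of this example: advertising nothing is a server bug.
        raise ValueError("at least one mechanism must be advertised")
    body = b""
    for name in mechanisms:
        encoded = name.encode("ascii")
        if not encoded or b"\x00" in encoded:
            raise ValueError("mechanism name must be non-empty and NUL-free")
        body += encoded + b"\x00"
    return body + b"\x00"


def parse_sasl_body(body):
    """Decode the body back into a list of names, preserving the server's
    preference order. Rejects a body that lacks the final list terminator
    or contains an unterminated name (truncated or malformed message)."""
    names = []
    pos = 0
    while True:
        if pos >= len(body):
            raise ValueError("truncated AuthenticationSASL body: missing list terminator")
        if body[pos] == 0:
            if not names:
                # Assumption of this example: an empty list leaves the client
                # nothing to choose, so treat it as a protocol error.
                raise ValueError("empty mechanism list")
            return names
        end = body.find(b"\x00", pos)
        if end < 0:
            raise ValueError("unterminated mechanism name")
        names.append(body[pos:end].decode("ascii"))
        pos = end + 1


def choose_mechanism(advertised, client_supported, channel_binding_available):
    """Client-side selection (assumed rule, not from the page): walk the
    server's preference order and take the first mechanism the client
    supports. A -PLUS mechanism requires channel binding data, so it is
    skipped when the client has none (e.g. no TLS session to bind to)."""
    for name in advertised:
        if name not in client_supported:
            continue
        if name.endswith("-PLUS") and not channel_binding_available:
            continue
        return name
    return None  # no common mechanism: the client must abort the exchange


if __name__ == "__main__":
    # Server advertises the channel-bound variant first, plain SCRAM second.
    wire = build_sasl_body([SCRAM_SHA_256_PLUS, SCRAM_SHA_256])
    print(wire)
    offered = parse_sasl_body(wire)
    print(offered)
    print(choose_mechanism(offered, {SCRAM_SHA_256, SCRAM_SHA_256_PLUS}, True))
    print(choose_mechanism(offered, {SCRAM_SHA_256, SCRAM_SHA_256_PLUS}, False))
```

Running the block shows that a server shipping two names today costs nothing in the framing, which is Michael's point; what the format cannot express is a second, independent list of channel binding types alongside the SCRAM mechanisms, which is Álvaro's.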