| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Cc: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Subject: | Authentication tests, and plain 'password' authentication with a SCRAM verifier |
| Date: | 2017-03-14 12:36:51 |
| Message-ID: | e973b21c-ee5a-b7eb-d24e-8dc1c8a424ca@iki.fi |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
I didn't include the authentication TAP tests that Michael wrote in the
main SCRAM commit last week. The main issue was that the new test was
tacked on the src/test/recovery test suite, for lack of a better place.
I propose that we add a whole new src/test/authentication directory for
it. It would also be logical to merge src/test/ssl into it, but the SSL
test suite has some complicated setup steps, to create the certificates,
and it cannot be safely run on a multi-user system. So probably best to
keep it separate, after all.
While looking at the test, I noticed that the SCRAM patch didn't include
support for logging in with plain 'password' authentication, when the
user has a SCRAM verifier stored in pg_authid. That was an oversight. If
the client gives the server the plain password, it's easy for the server
to verify that it matches the SCRAM verifier.
Attached patches add the TAP test suite, and implement plain 'password'
authentication for users with SCRAM verifier. Any comments?
- Heikki
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Allow-plaintext-password-authentication-when-user-ha.patch | application/x-download | 5.1 KB |
| 0002-Add-TAP-tests-for-password-based-authentication-meth.patch | application/x-download | 6.2 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ashutosh Bapat | 2017-03-14 12:55:32 | Re: IF NOT EXISTS option for CREATE SERVER and CREATE USER MAPPING statements |
| Previous Message | Ashutosh Sharma | 2017-03-14 12:16:12 | Re: Page Scan Mode in Hash Index |