Re: SCRAM authentication, take three

Heikki Linnakangas <hlinnaka@iki.fi>

From: Heikki Linnakangas <hlinnaka@iki.fi>
To: Noah Misch <noah@leadboat.com>
Cc: Michael Paquier <michael.paquier@gmail.com>, Aleksander Alekseev <a.alekseev@postgrespro.ru>, Alvaro Herrera <alvherre@2ndquadrant.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2017-04-06T18:46:29Z
Lists: pgsql-hackers
On 04/06/2017 08:36 AM, Noah Misch wrote:
> On Tue, Mar 07, 2017 at 02:36:13PM +0200, Heikki Linnakangas wrote:
>> I didn't include the last-minute changes to the way you specify this in
>> pg_hba.conf. So it's still just "scram". I agree in general that we should
>> think about how to extend that too, but I think the proposed syntax was
>> overly verbose for what we actually support right now. Let's discuss that as
>> a separate thread, as well.
>
> [Action required within three days.  This is a generic notification.]
>
> The above-described topic is currently a PostgreSQL 10 open item.

I don't think we will come up with anything better than what we have 
now, so I have removed this from the open items list.

- Heikki



Commits

  1. Rename "scram" to "scram-sha-256" in pg_hba.conf and password_encryption.

  2. Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).