Re: Password identifiers, protocol aging and SCRAM protocol

Valery Popov <v.popov@postgrespro.ru>

From: Valery Popov <v.popov@postgrespro.ru>
To: michael.paquier@gmail.com
Cc: pgsql-hackers@postgresql.org
Date: 2016-02-25T16:38:02Z
Lists: pgsql-hackers
Hi, Michael


23.02.2016 10:17, Michael Paquier пишет:
> Attached is a set of patches implementing a couple of things that have
> been discussed, so let's roll in.
>
> Those 4 patches are aimed at putting in-core basics for the concept I
> call password protocol aging, which is a way to allow multiple
> password protocols to be defined in Postgres, and aimed at easing
> administration as well as retirement of outdated protocols, which is
> something that is not doable now in Postgres.
>
> The second set of patch 0005~0008 introduces a new protocol, SCRAM.
> 9) 0009 is the SCRAM authentication itself....
The theme with password checking is interesting for me, and I can give 
review for CF for some features.
I think that review of all suggested features will require a lot of time.
Is it possible to make subset of patches concerning only password 
strength and its aging?
The patches you have applied are non-independent. They should be apply 
consequentially one by one.
Thus the patch 0009 can't be applied without git error  before 0001.
In this conditions all patches were successfully applied and compiled.
All tests successfully passed.
> The first 4 patches obviously are the core portion that I would like
> to discuss about in this CF, as they put in the base for the rest, and
> will surely help Postgres long-term. 0005~0008 are just refactoring
> patches, so they are quite simple. 0009 though is quite difficult, and
> needs careful review because it manipulates areas of the code where it
> is not necessary to be an authenticated user, so if there are bugs in
> it it would be possible for example to crash down Postgres just by
> sending authentication requests.
>
-- 
Regards,
Valery Popov
Postgres Professional http://www.postgrespro.com
The Russian Postgres Company



Commits

  1. Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).

  2. Refactor SHA2 functions and move them to src/common/.

  3. Replace isMD5() with a more future-proof way to check if pw is encrypted.

  4. Remove bogus notice that older clients might not work with MD5 passwords.

  5. Refactor the code for verifying user's password.

  6. Replace PostmasterRandom() with a stronger source, second attempt.

  7. Remove support for (insecure) crypt authentication.