Re: Password identifiers, protocol aging and SCRAM protocol

Valery Popov <v.popov@postgrespro.ru>

From: Valery Popov <v.popov@postgrespro.ru>
To: Michael Paquier <michael.paquier@gmail.com>
Cc: PostgreSQL mailing lists <pgsql-hackers@postgresql.org>, david@pgmasters.net
Date: 2016-03-16T12:14:23Z
Lists: pgsql-hackers
Hi!

On 03/15/2016 06:59 PM, Michael Paquier wrote:
> The set of patches I am proposing here does not go through those code 
> paths, and this is likely an aggregate failure. 
Michael, you were right. It was incorrect installation of contrib binaries.
Now all tests pass OK, both check-world and installcheck-world,
Thanks.

-- 
Regards,
Valery Popov
Postgres Professional http://www.postgrespro.com
The Russian Postgres Company



Commits

  1. Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).

  2. Refactor SHA2 functions and move them to src/common/.

  3. Replace isMD5() with a more future-proof way to check if pw is encrypted.

  4. Remove bogus notice that older clients might not work with MD5 passwords.

  5. Refactor the code for verifying user's password.

  6. Replace PostmasterRandom() with a stronger source, second attempt.

  7. Remove support for (insecure) crypt authentication.