Re: WIP: SCRAM authentication

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Stephen Frost <sfrost@snowman.net>
Cc: Michael Paquier <michael.paquier@gmail.com>, David Steele <david@pgmasters.net>, Heikki Linnakangas <hlinnaka@iki.fi>, Bruce Momjian <bruce@momjian.us>, Greg Stark <stark@mit.edu>, Robert Haas <robertmhaas@gmail.com>, Josh Berkus <josh@agliodbs.com>, Peter Eisentraut <peter_e@gmx.net>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2016-02-15T01:45:23Z
Lists: pgsql-hackers
Stephen Frost <sfrost@snowman.net> writes:
> Why do we need pg_shadow or pg_user or related views at all..?

A lot of code looks at those just to get usernames.  I am not in favor of
breaking such stuff without need.

How about we just say that the password in these old views always reads
out as '********' even when there is a password, and we invent new views
that carry real auth information?  (Hopefully in an extensible way.)

			regards, tom lane


Commits

  1. Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).