Re: Password identifiers, protocol aging and SCRAM protocol
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Michael Paquier <michael.paquier@gmail.com>
Cc: David Steele <david@pgmasters.net>, PostgreSQL mailing lists <pgsql-hackers@postgresql.org>,
Valery Popov <v.popov@postgrespro.ru>
Date: 2016-03-18T15:28:09Z
Lists: pgsql-hackers
On Fri, Mar 18, 2016 at 9:31 AM, Michael Paquier <michael.paquier@gmail.com> wrote: > That's not an issue for me to rebase this set of patches. The only > conflicts that I anticipate are on 0009, but I don't have high hopes > to get this portion integrating into core for 9.6, the rest of the > patches is complicated enough, and everyone bandwidth is limited. I really think we ought to consider pushing this whole thing out to 9.7. I don't see how we're going to get all of this into 9.6, and these are big, user-facing changes that I don't think we should rush into under time pressure. I think it'd be better to do this early in the 9.7 cycle so that it has time to settle before the time crunch at the end. I predict this is going to have a lot of loose ends that are going to take months to settle, and we don't have that time right now. And I'd rather see all of the changes in one release than split them across two releases. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
Commits
-
Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).
- 818fd4a67d61 10.0 landed
-
Refactor SHA2 functions and move them to src/common/.
- 273c458a2b3a 10.0 landed
-
Replace isMD5() with a more future-proof way to check if pw is encrypted.
- dbd69118c05d 10.0 landed
-
Remove bogus notice that older clients might not work with MD5 passwords.
- 7e3ae5455948 9.2.20 landed
- 470af1f41c8b 9.3.16 landed
- ada2cdb61015 9.4.11 landed
- 65a7f190b253 9.5.6 landed
- 7546c135dc30 9.6.2 landed
- 31c54096a18f 10.0 landed
-
Refactor the code for verifying user's password.
- e7f051b8f9a6 10.0 landed
-
Replace PostmasterRandom() with a stronger source, second attempt.
- fe0a0b5993df 10.0 landed
-
Remove support for (insecure) crypt authentication.
- 53a5026b5cb3 8.4.0 cited