Re: SCRAM authentication, take three
Michael Paquier <michael.paquier@gmail.com>
From: Michael Paquier <michael.paquier@gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Heikki Linnakangas <hlinnaka@iki.fi>,
pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2017-02-19T11:44:03Z
Lists: pgsql-hackers
On Sun, Feb 19, 2017 at 6:55 PM, Robert Haas <robertmhaas@gmail.com> wrote: > Gosh, this SCRAM stuff seems to be taking us pretty deeply into > dealing with encoding details which apparently we haven't formerly > needed to worry about. That is a little surprising and maybe > something we should try to avoid? The RFC of SCRAM, RFC5802 is clear on the matter (https://tools.ietf.org/html/rfc5802), SASLprep needs NFKC (RFC4013 here, the worst in the set https://tools.ietf.org/html/rfc4013) if we want our implementation to be compatible with any other Postgres driver that implement things at protocol level without libpq. I think that JDBC is one of those things. So I am afraid we cannot avoid it if we want SCRAM. -- Michael
Commits
-
Rename "scram" to "scram-sha-256" in pg_hba.conf and password_encryption.
- c727f120ff50 10.0 landed
-
Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).
- 818fd4a67d61 10.0 landed