Re: Password identifiers, protocol aging and SCRAM protocol
Michael Paquier <michael.paquier@gmail.com>
From: Michael Paquier <michael.paquier@gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: David Steele <david@pgmasters.net>, PostgreSQL mailing lists <pgsql-hackers@postgresql.org>,
Valery Popov <v.popov@postgrespro.ru>
Date: 2016-03-18T18:07:26Z
Lists: pgsql-hackers
On Sat, Mar 19, 2016 at 12:28 AM, Robert Haas <robertmhaas@gmail.com> wrote: > On Fri, Mar 18, 2016 at 9:31 AM, Michael Paquier > <michael.paquier@gmail.com> wrote: >> That's not an issue for me to rebase this set of patches. The only >> conflicts that I anticipate are on 0009, but I don't have high hopes >> to get this portion integrating into core for 9.6, the rest of the >> patches is complicated enough, and everyone bandwidth is limited. > > I really think we ought to consider pushing this whole thing out to > 9.7. I don't see how we're going to get all of this into 9.6, and > these are big, user-facing changes that I don't think we should rush > into under time pressure. I think it'd be better to do this early in > the 9.7 cycle so that it has time to settle before the time crunch at > the end. I predict this is going to have a lot of loose ends that are > going to take months to settle, and we don't have that time right now. > And I'd rather see all of the changes in one release than split them > across two releases. FWIW, the catalog separation is not that much a complicated patch, and that's really a change independent on SCRAM, the main matter being to manage critical index and relation entries correctly and it does not touch the authentication code, which is what IMO is the sensitive part. The catalog separation opens the door as well to multiple verifiers for the same protocol for a single role, facilitating password rolling policies, which is a feature that has been asked a lot. Nothing prevents the development of moving validuntil into pg_auth_verifiers in parallel of the SCRAM for the 9.7 release cycle, though it would facilitate it to have some basic infra in place. Just my 2c. -- Michael
Commits
-
Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).
- 818fd4a67d61 10.0 landed
-
Refactor SHA2 functions and move them to src/common/.
- 273c458a2b3a 10.0 landed
-
Replace isMD5() with a more future-proof way to check if pw is encrypted.
- dbd69118c05d 10.0 landed
-
Remove bogus notice that older clients might not work with MD5 passwords.
- 7e3ae5455948 9.2.20 landed
- 470af1f41c8b 9.3.16 landed
- ada2cdb61015 9.4.11 landed
- 65a7f190b253 9.5.6 landed
- 7546c135dc30 9.6.2 landed
- 31c54096a18f 10.0 landed
-
Refactor the code for verifying user's password.
- e7f051b8f9a6 10.0 landed
-
Replace PostmasterRandom() with a stronger source, second attempt.
- fe0a0b5993df 10.0 landed
-
Remove support for (insecure) crypt authentication.
- 53a5026b5cb3 8.4.0 cited