Re: Password identifiers, protocol aging and SCRAM protocol

Michael Paquier <michael.paquier@gmail.com>

From: Michael Paquier <michael.paquier@gmail.com>
To: Valery Popov <v.popov@postgrespro.ru>
Cc: PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2016-02-25T22:10:03Z
Lists: pgsql-hackers
On Fri, Feb 26, 2016 at 1:38 AM, Valery Popov <v.popov@postgrespro.ru> wrote:
> Hi, Michael
>
>
> 23.02.2016 10:17, Michael Paquier пишет:
>>
>> Attached is a set of patches implementing a couple of things that have
>> been discussed, so let's roll in.
>>
>> Those 4 patches are aimed at putting in-core basics for the concept I
>> call password protocol aging, which is a way to allow multiple
>> password protocols to be defined in Postgres, and aimed at easing
>> administration as well as retirement of outdated protocols, which is
>> something that is not doable now in Postgres.
>>
>> The second set of patch 0005~0008 introduces a new protocol, SCRAM.
>> 9) 0009 is the SCRAM authentication itself....
>
> The theme with password checking is interesting for me, and I can give
> review for CF for some features.
> I think that review of all suggested features will require a lot of time.
> Is it possible to make subset of patches concerning only password strength
> and its aging?
> The patches you have applied are non-independent. They should be apply
> consequentially one by one.
> Thus the patch 0009 can't be applied without git error  before 0001.
> In this conditions all patches were successfully applied and compiled.
> All tests successfully passed.

If you want to focus on the password protocol aging, you could just
have a look at 0001~0004.
-- 
Michael


Commits

  1. Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).

  2. Refactor SHA2 functions and move them to src/common/.

  3. Replace isMD5() with a more future-proof way to check if pw is encrypted.

  4. Remove bogus notice that older clients might not work with MD5 passwords.

  5. Refactor the code for verifying user's password.

  6. Replace PostmasterRandom() with a stronger source, second attempt.

  7. Remove support for (insecure) crypt authentication.