Re: Password identifiers, protocol aging and SCRAM protocol
Michael Paquier <michael.paquier@gmail.com>
From: Michael Paquier <michael.paquier@gmail.com>
To: Valery Popov <v.popov@postgrespro.ru>
Cc: PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2016-02-25T22:10:03Z
Lists: pgsql-hackers
On Fri, Feb 26, 2016 at 1:38 AM, Valery Popov <v.popov@postgrespro.ru> wrote: > Hi, Michael > > > 23.02.2016 10:17, Michael Paquier пишет: >> >> Attached is a set of patches implementing a couple of things that have >> been discussed, so let's roll in. >> >> Those 4 patches are aimed at putting in-core basics for the concept I >> call password protocol aging, which is a way to allow multiple >> password protocols to be defined in Postgres, and aimed at easing >> administration as well as retirement of outdated protocols, which is >> something that is not doable now in Postgres. >> >> The second set of patch 0005~0008 introduces a new protocol, SCRAM. >> 9) 0009 is the SCRAM authentication itself.... > > The theme with password checking is interesting for me, and I can give > review for CF for some features. > I think that review of all suggested features will require a lot of time. > Is it possible to make subset of patches concerning only password strength > and its aging? > The patches you have applied are non-independent. They should be apply > consequentially one by one. > Thus the patch 0009 can't be applied without git error before 0001. > In this conditions all patches were successfully applied and compiled. > All tests successfully passed. If you want to focus on the password protocol aging, you could just have a look at 0001~0004. -- Michael
Commits
-
Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).
- 818fd4a67d61 10.0 landed
-
Refactor SHA2 functions and move them to src/common/.
- 273c458a2b3a 10.0 landed
-
Replace isMD5() with a more future-proof way to check if pw is encrypted.
- dbd69118c05d 10.0 landed
-
Remove bogus notice that older clients might not work with MD5 passwords.
- 7e3ae5455948 9.2.20 landed
- 470af1f41c8b 9.3.16 landed
- ada2cdb61015 9.4.11 landed
- 65a7f190b253 9.5.6 landed
- 7546c135dc30 9.6.2 landed
- 31c54096a18f 10.0 landed
-
Refactor the code for verifying user's password.
- e7f051b8f9a6 10.0 landed
-
Replace PostmasterRandom() with a stronger source, second attempt.
- fe0a0b5993df 10.0 landed
-
Remove support for (insecure) crypt authentication.
- 53a5026b5cb3 8.4.0 cited