Re: Letting the client choose the protocol to use during a SASL exchange
Heikki Linnakangas <hlinnaka@iki.fi>
From: Heikki Linnakangas <hlinnaka@iki.fi>
To: Craig Ringer <craig@2ndquadrant.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Simon Riggs <simon@2ndquadrant.com>,
Michael Paquier <michael.paquier@gmail.com>,
PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2017-04-07T09:08:44Z
Lists: pgsql-hackers
On 04/07/2017 11:57 AM, Craig Ringer wrote: > On 7 April 2017 at 16:33, Heikki Linnakangas <hlinnaka@iki.fi> wrote: > >> That list of supported authentication methods would need to be included in >> the startup message. Unfortunately, there is no way to add options to the >> startup message, without breaking compatibility with old servers. If there >> is an option in the startup message that the server doesn't understand, it >> will treat it as a GUC, and you get an "unrecognized configuration >> parameter" after authentication. > > sasl.mechanisms = 'SCRAM_SHA256' > > :p > > No, I'm not seriously suggesting we abuse that. Hmm, that's not such a bad idea, actually. It only goes back to 9.2, though. Before that, the prefix needed to be listed in custom_variable_classes, or you got an error. 9.2 is the oldest supported version, but libpq should still be able to connect to older versions. - Heikki
Commits
-
Improve the SASL authentication protocol.
- 4f3b87ab780b 10.0 landed
-
Refactor libpq authentication request processing.
- 61bf96cab063 10.0 landed
-
Minor cleanup of backend SCRAM code.
- 00707fa58275 10.0 landed