Re: SCRAM authentication, take three
Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Heikki Linnakangas <hlinnaka@iki.fi>, Noah Misch <noah@leadboat.com>
Cc: Michael Paquier <michael.paquier@gmail.com>,
Aleksander Alekseev <a.alekseev@postgrespro.ru>,
Alvaro Herrera <alvherre@2ndquadrant.com>,
pgsql-hackers <pgsql-hackers@postgresql.org>, magnus@hagander.net,
robertmhaas@gmail.com
Date: 2017-04-11T01:52:21Z
Lists: pgsql-hackers
On 4/10/17 04:27, Heikki Linnakangas wrote: > One thing to consider is that we just made the decision that "md5" > actually means "md5 or scram-sha-256". Extrapolating from that, I think > we'll want "scram-sha-256" to mean "scram-sha-256 or scram-sha-256-plus" > (i.e. the channel-bonding variant) in the future. And if we get support > for scram-sha-512, "scram-sha-256" would presumably allow that too. But how would you choose between scram-sha-256-plus and scram-sha-512? -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Commits
-
Rename "scram" to "scram-sha-256" in pg_hba.conf and password_encryption.
- c727f120ff50 10.0 landed
-
Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).
- 818fd4a67d61 10.0 landed