SASL, compression?

From: Bear Giles <bgiles(at)coyotesong(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: SASL, compression?
Date: 2002-05-18 17:39:51
Message-ID: 200205181739.LAA04510@eris.coyotesong.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

I've been looking at the authentication and networking code and
would like to float a trial balloon.

1) add SASL. This is a new standards-track protocol that is often
described as "PAM" for network authentication. PostgreSQL could
remove *all* protocol-specific authentication code and use
standard plug-in libraries instead.

(It's worth noting that SSL/TLS operates at a lower level than
SASL. This has some interesting consequences, see below.)

After the black-box authentication finishes, the postmaster will
have up to pieces of information: the peer's client cert (SSL)
and a string containing the Kerberos principal, user name verified
with password/one-time-password/CRAM, etc.

PostgreSQL authentication would be reduced to specifying which
authentication methods are acceptable for each database, then
mapping that authenticated user string and/or cert to a pguser.

2) add ZLIB compression.

The last point needs a bit of explanation. With SASL, the buffers
may be modified due to the authentication protocol selected, so the
low-level routines in pqcomm.c and fe-connect.c must be modified.
But since this is happening anyway, it would be easy to wrap
sasl_encode with ZLIB compression and sasl_decode with ZLIB decompression,
with pq_flush() (and client's equivalent) doing a "sync flush" of
the compression buffer.

You obviously don't need compression on the Unix socket or a fast
network connection, but if you're on a T1 or slower the reduced
transmission time should more than offset the time spent in
compression/decompression.

Drawbacks

The biggest drawback, at least initially, is that the initial
exchange will need to be totally rewritten. One possibility
could use something like this:

S: 220 example.com PostgreSQL 8.1
C: HELO client.com
S: 250-example.com
S: 250-AUTH ANONYMOUS KERBEROS4 <list of authentication methods>
S: 250-STARTTLS <server accepts SSL/TLS>
S: 250-COMPRESSION <compress datastream>
S: 250 HELP
C: STARTTLS pq.virtual.com <allows virtual domains>
<SSL/TLS negotation occurs *here*>
S: 250-pq.virtual.com
S: 250-AUTH ANONYMOUS PLAIN KERBEROS4 <note extra method>
S: 250-COMPRESSION
S: 250-some extract functions only available with TLS/SSL sessions
S: 250 HELP
C: AUTH PLAIN user password <use simple username/password>
S: 220 OK
C: COMPRESSION ON
S: 220 OK
C: OPEN database
S: 220 OK

and then the system drops back to the existing data exchange
format. Or it could look like something entirely different - the
most important thing is that the server needs to provide a list
of authentication methods, the client chooses one, and it either
succeeds or the client can retry. However a protocol something
like this has the strong advantage of being well-tested in the
existing protocols.

Bear

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Nigel J. Andrews 2002-05-18 18:11:40 Re: [INTERFACES] libpgtcl - backend version information patch
Previous Message Jean-Michel POURE 2002-05-18 16:53:19 UTF-8 safe ascii() function