Re: WIP: SCRAM authentication

From: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, David Steele <david(at)pgmasters(dot)net>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, Bruce Momjian <bruce(at)momjian(dot)us>, Greg Stark <stark(at)mit(dot)edu>, Robert Haas <robertmhaas(at)gmail(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: WIP: SCRAM authentication
Date: 2016-02-22 08:46:51
Message-ID: CAB7nPqTVCDuq8sYp0W+gUpywhNSeRAVOave3u=-HiD=Fxni5ww@mail.gmail.com
Lists: pgsql-hackers

On Mon, Feb 15, 2016 at 11:05 AM, Michael Paquier
<michael(dot)paquier(at)gmail(dot)com> wrote:
> On Mon, Feb 15, 2016 at 10:51 AM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> * Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
>>> Stephen Frost <sfrost(at)snowman(dot)net> writes:
>>> > Why do we need pg_shadow or pg_user or related views at all..?
>>>
>>> A lot of code looks at those just to get usernames. I am not in favor of
>>> breaking such stuff without need.
>>
>> Alright.
>>
>>> How about we just say that the password in these old views always reads
>>> out as '********' even when there is a password, and we invent new views
>>> that carry real auth information? (Hopefully in an extensible way.)
>>
>> I'd be alright with that approach, I'd just rather that any clients
>> which actually want to read the password field be updated to look at the
>> extensible and sensible base catalogs, and not some hacked up array that
>> we shoved into that field.
>
> Well, then let's mask it, and just have pg_auth_verifiers. Another
> possible problem that I can see with this patch is what do we do with
> valid_until? The last set of patches sent did not switch this field to
> be per-verifier settable. I would consider a saner approach to keep
> things simple and still do that. Allowing multiple verifiers per
> protocol is a problem, and having a solution for it would be nice.
> Should this be prioritized before having more protocols like SCRAM?
>
> FWIW, browsing through pgbouncer, it has a look at pg_shadow for
> user's password to build a basic configuration file.
>
> (My mistake, while pg_user is world-readable, that's not the case of pg_shadow).

FWIW, I am going to create a new thread once I am done with the set of
patches I have in mind for the upcoming CF (yes there will be
refreshed patches), because this thread has moved on to a bit larger
discussion than SCRAM itself, summarizing what is more or less the
conclusion of this thread, explaining what the patches are doing, what
they are not doing, what could be done afterwards, etc, etc. I'll keep
a clear scope regarding what I am aiming at.
--
Michael
