On 21 April 2017 at 14:20, Michael Paquier <michael.paquier@gmail.com> wrote:
> On Fri, Apr 21, 2017 at 10:02 PM, Simon Riggs <simon@2ndquadrant.com> wrote:
>> On 21 April 2017 at 10:20, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
>>> But looking more closely, I think I misunderstood RFC 5803. It *does* in
>>> fact specify a single string format to store the verifier in. And the format
>>> looks like:
>>>
>>> SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>
>>
>> Could you explain where you are looking? I don't see that in RFC5803
>
> From 1. Overview:
>
> Syntax of the attribute can be expressed using ABNF [RFC5234]. Non-
> terminal references in the following ABNF are defined in either
> [AUTHPASS], [RFC4422], or [RFC5234].
>
> scram-mech = "SCRAM-SHA-1" / scram-mech-ext
> ; Complies with ABNF for <scheme>
> ; defined in [AUTHPASS].
>
> scram-authInfo = iter-count ":" salt
> ; Complies with ABNF for <authInfo>
> ; defined in [AUTHPASS].
>
> scram-authValue = stored-key ":" server-key
> ; Complies with ABNF for <authValue>
> ; defined in [AUTHPASS].
>
> Thanks,
The above text, which I've already read, does not explain the
suggested change from : to $.
Could you explain?
--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services