[HACKERS] Re: Authentication tests, and plain 'password' authentication with a SCRAM verifier
From | Michael Paquier |
---|---|
Subject | [HACKERS] Re: Authentication tests, and plain 'password' authentication with a SCRAM verifier |
Date | |
Msg-id | CAB7nPqReLLqUL7XPZ0K7L2T5XbvCnZSC_Ji+TOPqA=YFedKoiw@mail.gmail.com |
In response to | [HACKERS] Authentication tests, and plain 'password' authentication with a SCRAM verifier (Heikki Linnakangas <hlinnaka@iki.fi>) |
List | pgsql-hackers |
On Tue, Mar 14, 2017 at 9:36 PM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> While looking at the test, I noticed that the SCRAM patch didn't include
> support for logging in with plain 'password' authentication, when the user
> has a SCRAM verifier stored in pg_authid. That was an oversight. If the
> client gives the server the plain password, it's easy for the server to
> verify that it matches the SCRAM verifier.

Right. I forgot about that..

> Attached patches add the TAP test suite, and implement plain 'password'
> authentication for users with SCRAM verifier. Any comments?

+ /* + * The password looked like a SCRAM verifier, but could not be + * parsed. + */ + elog(LOG, "invalid SCRAM verifier for user \"%s\"", username);

This would be sent back to the client, no? I think that you should use
*logdetail as well in scram_verify_plain_password.

+# This test cannot run on Windows as Postgres cannot be set up with Unix +# sockets and needs to go through SSPI.

Yes, true. Having that in its own folder is fine for me.
--
Michael
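
Review bot: in the branch for a password that looks like a SCRAM verifier but cannot be parsed, the reason is emitted through a standalone elog(LOG, ...) instead of the *logdetail output mentioned in the reply for scram_verify_plain_password. Filling *logdetail with the same text and returning failure would keep the reason attached to the authentication-failure report for that attempt, so it is not a separate message that has to be correlated by user name. If the elog stays, the comment above it should also say that the login is rejected at this point, since the quoted lines do not show what the function returns afterwards.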
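
The check described in the quoted text (verifying a plain password against a stored SCRAM verifier, including the unparsable-verifier case from the patch), as an added example that is not part of this thread or of the PostgreSQL patch. It assumes the verifier layout `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>`, which is not shown in this thread, skips SASLprep normalization, and uses hypothetical function names.

```python
import base64
import hashlib
import hmac

PREFIX = "SCRAM-SHA-256$"  # assumed verifier layout, not taken from this thread

def _keys(password, salt, iterations):
    """Derive (StoredKey, ServerKey) as in RFC 5802; password assumed ASCII."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return hashlib.sha256(client_key).digest(), server_key

def build_verifier(password, salt, iterations):
    """Build a verifier string (used here only to construct sample input)."""
    b64 = lambda raw: base64.b64encode(raw).decode()
    stored, server = _keys(password, salt, iterations)
    return f"{PREFIX}{iterations}:{b64(salt)}${b64(stored)}:{b64(server)}"

def parse_verifier(verifier):
    """Return (iterations, salt, stored_key) or None when malformed."""
    if not verifier.startswith(PREFIX):
        return None
    try:
        params, keys = verifier[len(PREFIX):].split("$")
        iter_s, salt_b64 = params.split(":")
        stored_b64, server_b64 = keys.split(":")
        iterations = int(iter_s)
        salt = base64.b64decode(salt_b64, validate=True)
        stored = base64.b64decode(stored_b64, validate=True)
        server = base64.b64decode(server_b64, validate=True)
    except ValueError:  # wrong field count, bad integer, or bad base64
        return None
    if iterations < 1 or len(stored) != 32 or len(server) != 32:
        return None
    return iterations, salt, stored

def verify_plain_password(username, password, verifier):
    """Return (ok, logdetail); logdetail is meant for the server log only."""
    parsed = parse_verifier(verifier)
    if parsed is None:
        # Fail closed: a corrupt verifier never authenticates anyone.
        return False, f'invalid SCRAM verifier for user "{username}"'
    iterations, salt, stored = parsed
    computed, _ = _keys(password, salt, iterations)
    if hmac.compare_digest(computed, stored):  # constant-time comparison
        return True, None
    return False, f'password does not match for user "{username}"'
```

The caller would return only a generic authentication failure to the client and write `logdetail` to the server log.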