Re: [JDBC] [HACKERS] Channel binding support for SCRAM-SHA-256 - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: [JDBC] [HACKERS] Channel binding support for SCRAM-SHA-256
Date
Msg-id 93ad98a7-5f0c-3153-6015-9376326c5cb7@2ndquadrant.com
In response to Re: [JDBC] [HACKERS] Channel binding support for SCRAM-SHA-256  (Michael Paquier <michael.paquier@gmail.com>)
Responses Re: [JDBC] [HACKERS] Channel binding support for SCRAM-SHA-256
List pgsql-hackers
On 9/10/17 22:37, Michael Paquier wrote:
> On Mon, Aug 21, 2017 at 9:51 PM, Michael Paquier
> <michael.paquier@gmail.com> wrote:
>> On Tue, Jun 20, 2017 at 1:11 PM, Michael Paquier
>> <michael.paquier@gmail.com> wrote:
>>> With the tests directly in the patch, things are easy to run. With
>>> PG10 stabilization work, of course I don't expect much feedback :)
>>> But this set of patches looks like the direction we want to go so as
>>> JDBC and libpq users can take advantage of channel binding with SCRAM.
>>
>> Attached is a new patch set, rebased as of c6293249.
> 
> And again a new set to fix the rotten bits caused by 85f4d63.

It seems we should start by sorting out the mechanism by which the
client can control what authentication mechanisms it accepts.  In your
patch set you introduce a connection parameter saslname.  I think we
should expand that to non-SASL mechanisms and have it be some kind of
whitelist or blacklist.  It might be reasonable for a client to require
"gssapi" or "cert" for example or do an exclusion like "!password !md5
!ldap".

Thoughts?

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
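
Added example, not part of the original message and not code from the PostgreSQL patch set: a client-side check of the method the server requests against a list like the one proposed above. The function name `check_auth_method`, the space-separated syntax, and the rule that a list is either all plain names or all `!` names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef enum { AUTH_ALLOWED, AUTH_REJECTED, AUTH_BAD_POLICY } auth_verdict;

/*
 * policy: space-separated method names, either all plain ("gssapi cert",
 * an allow list) or all prefixed with '!' ("!password !md5", a deny list).
 * An empty policy, a bare "!", or a mix of both forms is reported as a
 * configuration error, so a typo never silently widens what is accepted.
 * requested: the method the server asked for (exact, case-sensitive match).
 */
auth_verdict check_auth_method(const char *policy, const char *requested)
{
    char buf[256];
    bool seen_allow = false, seen_deny = false, matched = false;

    if (policy == NULL || strlen(policy) >= sizeof(buf))
        return AUTH_BAD_POLICY;
    if (requested == NULL || *requested == '\0')
        return AUTH_REJECTED;           /* nothing to match: fail closed */
    strcpy(buf, policy);                /* length checked above */

    for (char *tok = strtok(buf, " \t"); tok; tok = strtok(NULL, " \t"))
    {
        bool negated = (tok[0] == '!');
        const char *name = negated ? tok + 1 : tok;

        if (*name == '\0')
            return AUTH_BAD_POLICY;     /* bare "!" */
        if (negated)
            seen_deny = true;
        else
            seen_allow = true;
        if (strcmp(name, requested) == 0)
            matched = true;
    }
    if (seen_allow == seen_deny)        /* empty list or mixed forms */
        return AUTH_BAD_POLICY;
    /* allow list: the method must be named; deny list: it must not be */
    return (matched == seen_allow) ? AUTH_ALLOWED : AUTH_REJECTED;
}

int main(void)
{
    printf("%d\n", check_auth_method("gssapi cert", "md5"));
    printf("%d\n", check_auth_method("!password !md5 !ldap", "scram-sha-256"));
    return 0;
}
```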

