Re: WIP: SCRAM authentication - Mailing list pgsql-hackers

From Robert Haas
Subject Re: WIP: SCRAM authentication
Date
Msg-id CA+TgmobP92kt+1acn1pdY0Kx-9xcaAWdhqOmu2yq216T0-2dJA@mail.gmail.com
In response to Re: WIP: SCRAM authentication  (Stephen Frost <sfrost@snowman.net>)
Responses Re: WIP: SCRAM authentication  (Stephen Frost <sfrost@snowman.net>)
Re: WIP: SCRAM authentication  (Greg Stark <stark@mit.edu>)
List pgsql-hackers
On Tue, Aug 18, 2015 at 2:07 PM, Stephen Frost <sfrost@snowman.net> wrote:
> I would expect there to be people who would run into pg_upgrade
> complaining, that's why there would be the check.  That's actually a
> much better situation than what happened around
> standard_conforming_strings.  Further, users would be able to continue
> with their existing version until they're ready to move or it goes out
> of support, by which time, if their connector isn't updated, they should
> be moving off of it also.  We hear about people running 8.4 and older
> because of some application which was never maintained or updated, and
> that sucks, but it doesn't prevent us from making the changes we need to
> make to move the project forward for the users who properly manage their
> systems and use supported connectors.

Sorry, that's a completely bogus argument.  We do not "need" to
prevent people from upgrading if they haven't moved off of MD5
authentication; that's just an arbitrary - and IMHO extremely
user-hostile - policy decision.  We have a legitimate need, to move
the project forward, to introduce a better system for password
authentication.  Ripping out the old one is not a real need.  I'm sure
at some point it will seem like antiquated cruft that nobody uses any
more, but that will not be in "a year or two" or anything close to
that.

> SCRAM itself, as has been discussed, supports multiple password
> verifiers- that's a specific case all by itself, and it's done
> specifically to address the issue that one or another of the algorithms
> used is compromised, or that a new algorithm becomes available which is
> better.  AD and Kerberos support multiple password verifiers because of
> this and that it allows you to migrate from one to the next without
> having to do wholesale replacement across all systems involved.  I bring
> them up as examples of the advances in password-based authentication
> which we've missed and because they are what users expect from current
> password-based authentication systems, not because we support them and
> therefore should just push everyone to them.

OK, that's an interesting argument.  If SCRAM supports multiple
password verifiers, and we support SCRAM, then I guess we should
probably do that, too.  I still don't like it all that much, though.
I think it's absolutely inevitable that people are going to end up
with an account with 3 or more different passwords that can all be
used to log into it, and that won't be good.  How do other systems
avoid this pitfall?

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company


