On Tue, Mar 14, 2017 at 9:36 PM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> While looking at the test, I noticed that the SCRAM patch didn't include
> support for logging in with plain 'password' authentication, when the user
> has a SCRAM verifier stored in pg_authid. That was an oversight. If the
> client gives the server the plain password, it's easy for the server to
> verify that it matches the SCRAM verifier.
Right. I forgot about that.
> Attached patches add the TAP test suite, and implement plain 'password'
> authentication for users with SCRAM verifier. Any comments?
+ /*
+ * The password looked like a SCRAM verifier, but could not be
+ * parsed.
+ */
+ elog(LOG, "invalid SCRAM verifier for user \"%s\"", username);
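Review bot: the elog(LOG, ...) call in this branch reports a condition an administrator has to act on (a stored verifier that cannot be parsed), and elog() messages are not marked for translation; ereport(LOG, (errmsg("invalid SCRAM verifier for user \"%s\"", username))) is the usual form for a message meant to be read in the server log. The lines shown also stop at the log call, so make sure this branch then rejects the login instead of falling through to another comparison.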
This would be sent back to the client, no? I think that you should use
*logdetail as well in scram_verify_plain_password.
+# This test cannot run on Windows as Postgres cannot be set up with Unix
+# sockets and needs to go through SSPI.
Yes, true. Having that in its own folder is fine for me.
--
Michael
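
The check discussed in this thread (verifying a plain password against a stored SCRAM verifier), sketched in Python as an added example; it is not code from the patch or from either poster. It assumes the `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>` layout documented for `pg_authid.rolpassword` in released PostgreSQL (the patch under discussion may store it differently), ASCII passwords (no SASLprep), and hypothetical function names; the parse-failure text is returned as a server-side log detail instead of being reported to the client.

```python
import base64
import hashlib
import hmac


def scram_keys(password, salt, iterations):
    """RFC 5802 key derivation: returns (StoredKey, ServerKey)."""
    # SaltedPassword := Hi(password, salt, i), which is PBKDF2 with HMAC
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return hashlib.sha256(client_key).digest(), server_key


def build_verifier(password, salt, iterations=4096):
    """Build a verifier string; used here only to construct sample data."""
    stored_key, server_key = scram_keys(password, salt, iterations)
    enc = lambda raw: base64.b64encode(raw).decode()
    return "SCRAM-SHA-256$%d:%s$%s:%s" % (
        iterations, enc(salt), enc(stored_key), enc(server_key))


def verify_plain_password(username, password, verifier):
    """Return (ok, logdetail); logdetail is meant for the server log only."""
    try:
        scheme, iter_salt, keys = verifier.split("$")
        iterations_text, salt_b64 = iter_salt.split(":")
        stored_b64, _server_b64 = keys.split(":")
        iterations = int(iterations_text)
        if scheme != "SCRAM-SHA-256" or iterations < 1:
            raise ValueError("unsupported verifier")
        salt = base64.b64decode(salt_b64, validate=True)
        stored_key = base64.b64decode(stored_b64, validate=True)
    except ValueError:
        # Looked like a verifier but could not be parsed: fail the login and
        # keep the reason out of anything returned to the client.
        return False, 'invalid SCRAM verifier for user "%s"' % username
    computed, _ = scram_keys(password, salt, iterations)
    # Constant-time comparison of the recomputed StoredKey with the stored one
    if hmac.compare_digest(computed, stored_key):
        return True, None
    # Constructed log text, not a PostgreSQL message
    return False, 'password does not match for user "%s"' % username
```

The server never needs the ServerKey for this path: recomputing StoredKey from the supplied password, the stored salt and the stored iteration count is sufficient.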