Michael Paquier <michael.paquier@gmail.com> writes:
> On Fri, Apr 21, 2017 at 10:02 PM, Simon Riggs <simon@2ndquadrant.com> wrote:
>> On 21 April 2017 at 10:20, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
>>> But looking more closely, I think I misunderstood RFC 5803. It *does* in
>>> fact specify a single string format to store the verifier in. And the format
>>> looks like:
>>>
>>> SCRAM-SHA-256$<iteration count>:<salt>$<StoredKey>:<ServerKey>
>>
>> Could you explain where you are looking? I don't see that in RFC5803
>
> From 1. Overview:
>
> Syntax of the attribute can be expressed using ABNF [RFC5234]. Non-
> terminal references in the following ABNF are defined in either
> [AUTHPASS], [RFC4422], or [RFC5234].
>
> scram-mech = "SCRAM-SHA-1" / scram-mech-ext
> ; Complies with ABNF for <scheme>
> ; defined in [AUTHPASS].
>
> scram-authInfo = iter-count ":" salt
> ; Complies with ABNF for <authInfo>
> ; defined in [AUTHPASS].
>
> scram-authValue = stored-key ":" server-key
> ; Complies with ABNF for <authValue>
> ; defined in [AUTHPASS].
And scram-mech, scram-authInfo and scram-authValue are used as the
"scheme", "authInfo" and "authValue" parts as specified in [AUTHPASS]
(RFC3112):
authPasswordValue = w scheme s authInfo s authValue w scheme = %x30-39 / %x41-5A / %x2D-2F / %x5F
; 0-9, A-Z, "-", ".", "/", or "_" authInfo = schemeSpecificValue authValue
=schemeSpecificValue schemeSpecificValue = *( %x21-23 / %x25-7E ) ; printable ASCII less "$"
and" " s = w SEP w w = *SP SEP = %x24 ; "$" SP = %x20 ; " " (space)
> Thanks,
> --
> Michael
- ilmari
--
"A disappointingly low fraction of the human race is,at any given time, on fire." - Stig Sandbeck Mathisen