On Wed, Feb 15, 2017 at 8:28 PM, Heikki Linnakangas <hlinn...@iki.fi> wrote:
> On 02/07/2017 04:20 AM, Michael Paquier wrote:
>> --- a/src/backend/utils/errcodes.txt
>> +++ b/src/backend/utils/errcodes.txt
>> @@ -247,6 +247,7 @@ Section: Class 28 - Invalid Authorization
>> Specification
>>
>>  28000    E    ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION
>> invalid_authorization_specification
>>  28P01    E    ERRCODE_INVALID_PASSWORD
>> invalid_password
>> +28P01    E    ERRCODE_INVALID_NONCE
>> invalid_nonce
>>
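Review bot: the added ERRCODE_INVALID_NONCE line reuses SQLSTATE 28P01, which the context line directly above it already assigns to ERRCODE_INVALID_PASSWORD, so two condition names end up mapped to one code. Either give the new entry an unused code in Class 28 or drop the entry and report the condition with an existing error code.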
>
> Having two error codes with the same SQLSTATE is not cool, and tripped the
> assertion in PL/python. I removed the new error code; it was only used in
> one place, and ERRCODE_PROTOCOL_VIOLATION was more appropriate there anyway.
>
> Attached is a new set of patches, with that fixed. Thanks for the report,
> Aleksander!

There is something that I think is still unwelcome in this patch: the
interface in pg_hba.conf. I mentioned that in the previous thread but
now if you want to match a user and a database with a scram password
you need to do that with the current set of patches:
local $dbname $user scram
That's not really portable as SCRAM is one protocol in the SASL
family, and even worse in our case we use SCRAM-SHA-256. I'd like to
change pg_hba.conf to be as follows:
local $dbname $user sasl protocol=scram_sha_256
This is extensible for the future, and protocol is a mandatory option
that would have now just a single value: scram_sha_256. Heikki,
others, are you fine with that?
-- 
Michael

