On Tue, Mar 14, 2017 at 9:36 PM, Heikki Linnakangas <hlinn...@iki.fi> wrote:
> While looking at the test, I noticed that the SCRAM patch didn't include
> support for logging in with plain 'password' authentication, when the user
> has a SCRAM verifier stored in pg_authid. That was an oversight. If the
> client gives the server the plain password, it's easy for the server to
> verify that it matches the SCRAM verifier.

Right. I forgot about that..

> Attached patches add the TAP test suite, and implement plain 'password'
> authentication for users with SCRAM verifier. Any comments?

+       /*
+        * The password looked like a SCRAM verifier, but could not be
+        * parsed.
+        */
+       elog(LOG, "invalid SCRAM verifier for user \"%s\"", username);
This would be sent back to the client, no? I think that you should use
*logdetail as well in scram_verify_plain_password.

+# This test cannot run on Windows as Postgres cannot be set up with Unix
+# sockets and needs to go through SSPI.
Yes, true. Having that in its own folder is fine for me.

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:

Reply via email to