On Fri, Apr 14, 2017 at 1:37 AM, Heikki Linnakangas <hlinn...@iki.fi> wrote: > On 04/13/2017 05:53 AM, Michael Paquier wrote: >> + * Parse the list of SASL authentication mechanisms in the >> + * AuthenticationSASL message, and select the best mechanism that we >> + * support. (Only SCRAM-SHA-256 is supported at the moment.) >> */ >> - if (strcmp(auth_mechanism, SCRAM_SHA256_NAME) == 0) >> + for (;;) >> Just an idea here: being able to enforce the selection with an >> environment variable (useful for testing as well in the future). > > Hmm. It wouldn't do much, as long as SCRAM-SHA-256 is the only supported > mechanism. In general, there is no way to tell libpq to e.g. not do plain > password authentication, which is more pressing than choosing a particular > SASL mechanism. So I think we should have libpq options to control that, but > it's a bigger feature than just adding a debug environment variable here.
Of course, my last sentence implied that this may be useful once more than 1 mechanism is added. This definitely cannot be a connection parameter. Your last sentence makes me guess that we agree on that. But those are thoughts for later.. > Thanks for the review! I've pushed these patches, after a bunch of little > cleanups here and there, and fixing a few garden-variety bugs in the > GSS/SSPI changes. Committed patches look good to me after a second lookup. Thanks! -- Michael -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
