Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commit4f3b87a

Browse files
committed
Improve the SASL authentication protocol.
This contains some protocol changes to SASL authentiation (which is newin v10):* For future-proofing, in the AuthenticationSASL message that begins SASL authentication, provide a list of SASL mechanisms that the server supports, for the client to choose from. Currently, it's always just SCRAM-SHA-256.* Add a separate authentication message type for the final server->client SASL message, which the client doesn't need to respond to. This makes it unambiguous whether the client is supposed to send a response or not. The SASL mechanism should know that anyway, but better to be explicit.Also, in the server, support clients that don't send an Initial Clientresponse in the first SASLInitialResponse message. The server is supposedto first send an empty request in that case, to which the client willrespond with the data that usually comes in the Initial Client Response.libpq uses the Initial Client Response field and doesn't need this, and Iwould assume any other sensible implementation to use Initial ClientResponse, too, but let's follow the SASL spec.Improve the documentation on SASL authentication in protocol. Add asection describing the SASL message flow, and some details on ourSCRAM-SHA-256 implementation.Document the different kinds of PasswordMessages that the frontend sendsin different phases of SASL authentication, as well as GSS/SSPIauthentication as separate message formats. Even though they're all 'p'messages, and the exact format depends on the context, describing them asseparate message formats makes the documentation more clear.Reviewed by Michael Paquier and Álvaro Hernández Tortosa.Discussion:https://www.postgresql.org/message-id/CAB7nPqS-aFg0iM3AQOJwKDv_0WkAedRjs1W2X8EixSz+sKBXCQ@mail.gmail.com
1 parent61bf96c commit4f3b87a

File tree

5 files changed

+588
-88
lines changed

5 files changed

+588
-88
lines changed

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp