On Tue, Mar 14, 2017 at 9:36 PM, Heikki Linnakangas <hlinn...@iki.fi> wrote:
> While looking at the test, I noticed that the SCRAM patch didn't include
> support for logging in with plain 'password' authentication, when the user
> has a SCRAM verifier stored in pg_authid. That was an oversight. If the
> client gives the server the plain password, it's easy for the server to
> verify that it matches the SCRAM verifier.

Right. I forgot about that.

> Attached patches add the TAP test suite, and implement plain 'password'
> authentication for users with SCRAM verifier. Any comments?

+       /*
+        * The password looked like a SCRAM verifier, but could not be
+        * parsed.
+        */
+       elog(LOG, "invalid SCRAM verifier for user \"%s\"", username);
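Review bot: the elog(LOG, ...) at the end of this hunk reports only the user name, so in the server log a malformed stored verifier is indistinguishable from an ordinary failed login, and the wording "invalid SCRAM verifier" could also be read as "password did not match". Suggest returning the reason through the *logdetail output of scram_verify_plain_password (something like "could not parse SCRAM verifier stored for user \"%s\"") so it is attached as the detail of the generic authentication-failure report that the caller already produces, and keep the message the client receives generic.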
This would be sent back to the client, no? I think that you should use
*logdetail as well in scram_verify_plain_password.

+# This test cannot run on Windows as Postgres cannot be set up with Unix
+# sockets and needs to go through SSPI.
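Review bot: the comment states the test cannot run on Windows, but the hunk shows no guard that actually skips it there; make sure the test file checks for Windows (if this suite's TestLib exports $windows_os, a "plan skip_all => ..." on that flag is the usual pattern) so that a Windows build skips the test rather than failing it. The comment would also be clearer as "because it relies on Unix-domain sockets; on Windows authentication would have to go through SSPI instead".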
Yes, true. Having that in its own folder is fine for me.
-- 
Michael


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
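The check Heikki describes above (the client sends the plain password, the server re-derives the keys and compares them with the stored SCRAM verifier) as an added, stand-alone example; this is not code from the patch or from PostgreSQL itself. It assumes the verifier layout that PostgreSQL 10 ended up shipping, SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey> with base64 fields and 4096 iterations by default, skips SASLprep (so it is only exact for ASCII passwords), and the function names build_verifier, parse_verifier and verify_plain_password are my own. A verifier that cannot be parsed is reported through a separate detail string meant for the server log, not for the client, which is the *logdetail point raised in the thread.

```python
import base64
import hashlib
import hmac
import secrets

# PostgreSQL 10's default iteration count (assumption: matches the patch).
ITERATIONS = 4096

# Detail strings intended for the server log only; the client should keep
# seeing the generic "password authentication failed".
DETAIL_MALFORMED = "stored SCRAM verifier is malformed"
DETAIL_MISMATCH = "password does not match stored SCRAM verifier"


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def _derive_keys(password: str, salt: bytes, iterations: int):
    """RFC 5802 key derivation: SaltedPassword -> ClientKey/StoredKey/ServerKey.
    SASLprep is not applied (assumption: ASCII password)."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return stored_key, server_key


def build_verifier(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Produce a pg_authid-style verifier (PostgreSQL 10 layout, assumed):
    SCRAM-SHA-256$<iterations>:<salt_b64>$<StoredKey_b64>:<ServerKey_b64>"""
    if salt is None:
        salt = secrets.token_bytes(16)
    stored_key, server_key = _derive_keys(password, salt, iterations)
    return f"SCRAM-SHA-256${iterations}:{_b64(salt)}${_b64(stored_key)}:{_b64(server_key)}"


def parse_verifier(verifier: str):
    """Return (iterations, salt, stored_key, server_key), or None when the
    string looks like a SCRAM verifier but cannot be parsed."""
    try:
        prefix, params, keys = verifier.split("$")
        if prefix != "SCRAM-SHA-256":
            return None
        iterations_str, salt_b64 = params.split(":")
        stored_b64, server_b64 = keys.split(":")
        iterations = int(iterations_str)
        # validate=True rejects non-alphabet characters; binascii.Error is a
        # ValueError subclass, so one except clause covers every failure here.
        salt = base64.b64decode(salt_b64, validate=True)
        stored_key = base64.b64decode(stored_b64, validate=True)
        server_key = base64.b64decode(server_b64, validate=True)
    except ValueError:
        return None
    if iterations <= 0 or not salt or len(stored_key) != 32 or len(server_key) != 32:
        return None
    return iterations, salt, stored_key, server_key


def verify_plain_password(verifier: str, password: str):
    """Check a plaintext password (as received by 'password' authentication)
    against a stored SCRAM verifier.  Returns (ok, logdetail): logdetail is
    None on success and otherwise a reason for the server log only."""
    parsed = parse_verifier(verifier)
    if parsed is None:
        return False, DETAIL_MALFORMED
    iterations, salt, stored_key, server_key = parsed
    computed_stored, computed_server = _derive_keys(password, salt, iterations)
    # Constant-time comparison; both keys are derived from the same
    # SaltedPassword, so checking both is cheap and catches a corrupted field.
    if hmac.compare_digest(computed_stored, stored_key) and hmac.compare_digest(
        computed_server, server_key
    ):
        return True, None
    return False, DETAIL_MISMATCH


if __name__ == "__main__":
    v = build_verifier("s3cret")  # constructed sample; never log this value
    print(v)
    print(verify_plain_password(v, "s3cret"))
    print(verify_plain_password(v, "wrong"))
    print(verify_plain_password("SCRAM-SHA-256$4096:not base64!$x:y", "s3cret"))
```

The cost of the check is one PBKDF2 run per login attempt, the same work the client does in a real SCRAM exchange; the server still never stores the password, and a stolen verifier does not let an attacker log in with 'password' authentication without first brute-forcing the salted hash.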
