Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tXVRO-008SEJ-Nk for pgsql-general@arkaria.postgresql.org; Tue, 14 Jan 2025 01:09:59 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tXVRN-00EOlj-Ef for pgsql-general@arkaria.postgresql.org; Tue, 14 Jan 2025 01:09:57 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tXVRN-00EOla-4K for pgsql-general@lists.postgresql.org; Tue, 14 Jan 2025 01:09:57 +0000 Received: from mail-oo1-xc31.google.com ([2607:f8b0:4864:20::c31]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1tXVRL-000GgL-1h for pgsql-general@lists.postgresql.org; Tue, 14 Jan 2025 01:09:57 +0000 Received: by mail-oo1-xc31.google.com with SMTP id 006d021491bc7-5f4cc48ab37so1397524eaf.1 for ; Mon, 13 Jan 2025 17:09:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1736816993; x=1737421793; darn=lists.postgresql.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=WTRPujGroHhKxH861MAm0l4lFBis10fJUJsQGsJe6pg=; b=OWJ8maRVQnCN1OlrgIRtdvhbXYFt6xW5BH1jf9cXg7oER6wUbzXwPMk0VRCXWzhu60 lH3KyNyamBJ/1Dx65uKdF62xYw1Pp4xN7J54XuYzdWXULrv1n5JeNL51f4+aVO5iZkDq WNJu58HlRNJ/UxQrDpssn6LHqfayfcIBFiwUaJPmXY5in2DCCXcSAZz8tF0wyJEOV6Mx Ursg2SRyWMDQTzOi1QTzuqJKaziEonYtLfYpasJYga51UqtUSktsRMCj5QYxZlgMJsM9 XOQzCQ7jPRtldNlmnu6jAaw1s38/rFrNMSPKA7mIBuP16gunZlGddrtzgEg5syPCsQ21 kc/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736816993; x=1737421793; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=WTRPujGroHhKxH861MAm0l4lFBis10fJUJsQGsJe6pg=; b=ufY+TLzd9EGJifoA/RBMmg36z9Oo+vaHOAO9yoDYHr/5MQU3wDXKZyKwnXjfSD8vMT +ft9Rr1TQHlQhhemTTvJxjubtrVBIXJ8iKV3zilOr33SWTEJ8D65soWB1cI36sXk3XPR LY7RQ/VeDSCbi5enIsGF2QpL0JRMFFefaCRepxNwIgHEXW4hmvwUVXqqItPNngs+XXlT T7Rp2Pidy44SoFBkMHV2G3aTcb+0+jaZr907qUFWfMRNNwVW7xZZKa290AvQTPUAVNaz hM71c3aIg+E1DfHRcD/a+pGfaHl4f5+ZK4jOIsc26o/WPB69jl8ddBdw/ENFdkUa+uju JIyQ== X-Gm-Message-State: AOJu0YxlXVN1xF1XS6agwiNk7I3ljY13ba8OoxRiipZAxc//kIF4Hawm fXPI5JF4844osy74aNUUcUhzQEwgst3ZSBnvHWezqkYfbzejrnghqGLcOti5AFooEO2D3wzbWoj sqGE9jhW+3w9Tud+u7cGjLn1eXTYY/A== X-Gm-Gg: ASbGncuamsrpIxYuQ9jDNADfYYB/AbmFSTNaEuh8VgggiUBfF3UghQ98ZknSslIT2tk wyRJYVjtStUrrnpgrsnhkLh4nTUXl1cS9cBmrxbA= X-Google-Smtp-Source: AGHT+IEIqUrx1nLONACFRKmSy++ivt2ATlvBgWEkv1FN1Ja/rW7E/vXhR8EOPd2kK/4YLe6ojYAdBCjfxmyHRffRa/0= X-Received: by 2002:a05:6871:64c5:b0:29e:5897:e9d1 with SMTP id 586e51a60fabf-2aa069bf7d9mr12355619fac.39.1736816993156; Mon, 13 Jan 2025 17:09:53 -0800 (PST) MIME-Version: 1.0 References: <20250112222828.b36hpzm3ulfzlkws@hjp.at> <372571.1736722760@sss.pgh.pa.us> <20250113204100.qpz6qpqrydtvydiq@hjp.at> In-Reply-To: <20250113204100.qpz6qpqrydtvydiq@hjp.at> From: Ron Johnson Date: Mon, 13 Jan 2025 20:09:41 -0500 X-Gm-Features: AbW1kvYzby4d_2yg3vmLXGkGpno3b1HHp3vxxUwOPKm5xXsJZ_RJPejnOZrEMFM Message-ID: Subject: Re: Automatic upgrade of passwords from md5 to scram-sha256 To: pgsql-general@lists.postgresql.org Content-Type: multipart/alternative; boundary="000000000000eaca9a062ba0374d" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000eaca9a062ba0374d Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Jan 13, 2025 at 3:41=E2=80=AFPM Peter J. Holzer = wrote: > On 2025-01-13 12:19:06 -0500, Ron Johnson wrote: > > On Sun, Jan 12, 2025 at 5:59=E2=80=AFPM Tom Lane wr= ote: > > [snip] > > > > I think this idea is a nonstarter, TLS or not. We're generally > moving > > in the direction of never letting the server see cleartext password= s. > > It's already possible to configure libpq to refuse such requests > > (see require_auth parameter), although that hasn't been made the > > default. > > > > > > ALTER ROLE xxx WITH PASSWORD accepts hashed values, so a client with th= e > > SCRAM-SHA algorithm could: > > 1. remember the password that was just used to log in, > > 2. generate the new hash, > > 3. send that as an ALTER ROLE statement. > > Modifying the client to re-set the password is actually something I > thought about. There are some technical unknowns (e.g. is > PQencryptPasswordConn accessible through ODBC?) and some organisational > difficulties (e.g. can we get the customers to upgrade to the newest > version?), but I guess in our case it would be doable. But in general > changing every to client to upgrade the password doesn't seem feasible. > Unless maybe you are proposing that libpq should do that? That might > work, but it probably also shouldn't do it by default. > That seems to me to be the fastest way to get the feature out to users. (JDBC would also need it.) Then clients like psql, pgAdmin, etc would need to add those calls. --=20 Death to , and butter sauce. Don't boil me, I'm still alive. lobster! --000000000000eaca9a062ba0374d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Mon, Jan 13, 2025 at 3:41=E2=80=AFPM P= eter J. Holzer <hjp-pgsql@hjp.at= > wrote:
On 2025-01-13 12:19:06 -0500, Ron = Johnson wrote:
> On Sun, Jan 12, 2025 at 5:59=E2=80=AFPM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> =C2=A0[snip]
>
>=C2=A0 =C2=A0 =C2=A0I think this idea is a nonstarter, TLS or not.=C2= =A0 We're generally moving
>=C2=A0 =C2=A0 =C2=A0in the direction of never letting the server see cl= eartext passwords.
>=C2=A0 =C2=A0 =C2=A0It's already possible to configure libpq to ref= use such requests
>=C2=A0 =C2=A0 =C2=A0(see require_auth parameter), although that hasn= 9;t been made the
>=C2=A0 =C2=A0 =C2=A0default.
>
>
> ALTER ROLE xxx WITH PASSWORD accepts hashed values, so a client with t= he
> SCRAM-SHA algorithm could:
> 1. remember the password that was just used to log in,
> 2. generate the new hash,=C2=A0
> 3. send that as an ALTER ROLE statement.

Modifying the client to re-set the password is actually something I
thought about. There are some technical unknowns (e.g. is
PQencryptPasswordConn accessible through ODBC?) and some organisational
difficulties (e.g. can we get the customers to upgrade to the newest
version?), but I guess in our case it would be doable. But in general
changing every to client to upgrade the password doesn't seem feasible.=
Unless maybe you are proposing that libpq should do that? That might
work, but it probably also shouldn't do it by default.
=

That seems to me to be the fastest way to get the featu= re out to=C2=A0users.=C2=A0 (JDBC would also need it.)

=
Then clients like psql, pgAdmin, etc would need to add those calls.

--
Death to <= Redacted>, and butter sauce.
Don't boil me, I'm still alive.=
<Redacted> lobster!
--000000000000eaca9a062ba0374d--