Hi

On Mon, Apr 2, 2018 at 11:02 AM, Akshay Joshi <akshay.jo...@enterprisedb.com> wrote:

> Hi Hackers,
>
> As a part of RM #2214, we will have to support SCRAM authentication. Users
> will be able to log in, but the problem is that "Change Password" of the
> database server won't work, as we are encrypting the new password using md5
> and setting the new password using the
> "*ALTER USER <user> WITH ENCRYPTED PASSWORD <pwd>*" query.
>
> If password_encryption = scram-sha-256 in the postgresql.conf file then it
> will change the password with md5 encryption, which is not correct, and the
> user won't be able to log in using the changed password. I have tried
> previously (almost 12 months ago) and tried the following again
>
> import hashlib
> from passlib.hash import scram
>
> scram.default_rounds = 4096
> digest_info = scram.extract_digest_info(scram.encrypt(password), 'sha-256')
>
> salt = digest_info[0]
> rounds = digest_info[1]
> secret = digest_info[2]
>
> salted_password = hashlib.pbkdf2_hmac('sha256', secret, salt, rounds)
>
> but was not able to encrypt the password for SCRAM.
>

Because you get a different hash than you'd get from libpq, or some other problem?

>
> There is a new method introduced in PostgreSQL 10 to encrypt the password:
>
> char *PQencryptPasswordConn(PGconn *conn, const char *passwd, const char
> *user, const char *algorithm);
>
> As we are using psycopg2, the support for the above method should be
> available in psycopg2. *Ashesh* *Vashi* has already sent the patch to
> support preparing an encrypted password and they are planning to merge his
> patch in version 2.8. Following is the link to his patch
> https://github.com/psycopg/psycopg2/pull/576
>
> So when the above patch is merged and released by psycopg2, we will
> work on this feature again and modify the code. I'll update the RM
> accordingly.
>

I've pinged Daniele on the tracker to see if we can get clarity on when a release might happen.

--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
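
For reference, the value the thread is trying to build client-side is the PostgreSQL SCRAM-SHA-256 verifier, `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>`, derived as in RFC 5802 / RFC 7677. The following is an added example, not code from this thread, pgAdmin, or the psycopg2 patch; the function names are hypothetical, and it assumes a 16-byte salt, 4096 iterations, and NFKC normalisation in place of full SASLprep.

```python
import base64
import hashlib
import hmac
import os
import unicodedata


def scram_sha256_verifier(password, salt=None, iterations=4096):
    """Return a SCRAM-SHA-256 verifier string for `password`."""
    if salt is None:
        salt = os.urandom(16)  # assumption: 16 random bytes per password
    # Simplification: NFKC only. Full SASLprep (RFC 4013) also maps and
    # prohibits some code points; for plain ASCII passwords the result is equal.
    pw = unicodedata.normalize("NFKC", password).encode("utf-8")
    salted = hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()

    def b64(raw):
        return base64.b64encode(raw).decode("ascii")

    return "SCRAM-SHA-256$%d:%s$%s:%s" % (
        iterations, b64(salt), b64(stored_key), b64(server_key))


def parse_verifier(verifier):
    """Split a verifier into (iterations, salt, stored_key, server_key)."""
    scheme, rest = verifier.split("$", 1)
    if scheme != "SCRAM-SHA-256":
        raise ValueError("not a SCRAM-SHA-256 verifier")
    params, keys = rest.split("$", 1)
    iterations, salt = params.split(":", 1)
    stored_key, server_key = keys.split(":", 1)
    return (int(iterations), base64.b64decode(salt),
            base64.b64decode(stored_key), base64.b64decode(server_key))


def matches(password, verifier):
    """Recompute the verifier with its own salt and compare in constant time."""
    iterations, salt, _, _ = parse_verifier(verifier)
    candidate = scram_sha256_verifier(password, salt, iterations)
    return hmac.compare_digest(candidate, verifier)


if __name__ == "__main__":
    # Constructed sample password, not taken from the thread.
    v = scram_sha256_verifier("correct horse")
    print(v, matches("correct horse", v), matches("wrong", v))
```

Computing the verifier on the client keeps the cleartext password out of the `ALTER USER` statement, and therefore out of server logs that record statements.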