From c727f120ff50f624a1ee3abe700d995c18314a0b Mon Sep 17 00:00:00 2001 From: Heikki Linnakangas Date: Tue, 18 Apr 2017 14:50:50 +0300 Subject: Rename "scram" to "scram-sha-256" in pg_hba.conf and password_encryption. Per discussion, plain "scram" is confusing because we actually implement SCRAM-SHA-256 rather than the original SCRAM that uses SHA-1 as the hash algorithm. If we add support for SCRAM-SHA-512 or some other mechanism in the SCRAM family in the future, that would become even more confusing. Most of the internal files and functions still use just "scram" as a shorthand for SCRMA-SHA-256, but I did change PASSWORD_TYPE_SCRAM to PASSWORD_TYPE_SCRAM_SHA_256, as that could potentially be used by 3rd party extensions that hook into the password-check hook. Michael Paquier did this in an earlier version of the SCRAM patch set already, but I didn't include that in the version that was committed. Discussion: https://www.postgresql.org/message-id/fde71ff1-5858-90c8-99a9-1c2427e7bafb@iki.fi --- src/backend/commands/user.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/backend/commands') diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index de264974ae8..c719682274d 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -140,8 +140,8 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt) dpassword = defel; if (strcmp(defel->defname, "encryptedPassword") == 0) { - if (Password_encryption == PASSWORD_TYPE_SCRAM) - password_type = PASSWORD_TYPE_SCRAM; + if (Password_encryption == PASSWORD_TYPE_SCRAM_SHA_256) + password_type = PASSWORD_TYPE_SCRAM_SHA_256; else password_type = PASSWORD_TYPE_MD5; } @@ -548,8 +548,8 @@ AlterRole(AlterRoleStmt *stmt) dpassword = defel; if (strcmp(defel->defname, "encryptedPassword") == 0) { - if (Password_encryption == PASSWORD_TYPE_SCRAM) - password_type = PASSWORD_TYPE_SCRAM; + if (Password_encryption == PASSWORD_TYPE_SCRAM_SHA_256) + password_type = PASSWORD_TYPE_SCRAM_SHA_256; else password_type = PASSWORD_TYPE_MD5; } -- cgit v1.2.3