
SCRAM authentication in PostgreSQL

Formal Metadata

Title
SCRAM authentication in PostgreSQL
Title of Series
Number of Parts
19
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
PostgreSQL's current password-based authentication mechanism is old and weak by today's standards. It uses MD5, which is generally considered not secure anymore. SSL can alleviate that, and there are other, stronger authentication mechanisms like Kerberos, but they are more complicated to set up. SCRAM is a modern, secure password-based authentication mechanism. There is a patch in the works to support SCRAM authentication in PostgreSQL, replacing the current MD5 authentication mechanism in the long run. By the time of PGCon, it is hopefully committed, and will appear in PostgreSQL version 10. In this presentation, I will explain how SCRAM works, and the benefits it has over current authentication mechanisms. I will give an update on the current status of the patch, as well as the status of driver support and future work.