Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: SASL (SCRAM-SHA-256) authentication #631

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

feat: SASL (SCRAM-SHA-256) authentication #631

wants to merge 10 commits into from
+1,036 −199

Conversation

rkrishn7
Copy link

@rkrishn7 rkrishn7 commented Oct 30, 2023
edited

This PR implements SCRAM-SHA-256 SASL mechanism for client <> proxy authentication

Notes for reviewer:

  • I tried to keep the PR focused and not do too much refactoring. There's definitely opportunity to follow a similar pattern for MD5 authentication and consolidate some code from the scram module. However, it may be best to sequence it out into subsequent PRs for review purposes

Open Questions:

  • The current config setup allows for individual pools to override the general auth config. I wasn't quite sure if this makes sense. Completely open to other ideas

Closes #624

@levkk
Copy link
Collaborator

levkk commented Nov 8, 2023

Thank you for this. I'll review it asap.

@rkrishn7
Copy link
Author

rkrishn7 commented Dec 1, 2023

Hey @levkk! Just checking back in here. Do you have an idea of when you'll be able to get to this? Thanks!

@levkk
Copy link
Collaborator

levkk commented Dec 1, 2023
edited

Hi. Thank you for the PR. I haven't forgotten about it, I'll try to review it sometime this weekend or early next week. Please feel free to ping me again if I don't get back to you by then.

@ConstBur
Copy link

Hi @levkk and @rkrishn7, got any news for this one?

@Neustradamus
Copy link

@rkrishn7: Nice!

Any progress on this PR?

Linked to:

@adriangb
Copy link

Hi! This would be a really nice feature, ➕1 to get this in. Thank you to author and reviewers.

@mingjunyang
Copy link

Hi, All my PostgreSQL database baseline the scram-sha-256, this feature very useful.

@RiverPhillips
Copy link

This would be really helpful. Apologies for the ping @levkk but have you been able to review this yet?

@RiverPhillips
Copy link

I tried building this PR and testing it and ran into an error when actually using scram-sha-256 on this line here. I think it needs a little more work to get this working with the existing implementation in auth_passthrough.rs

@semoal
Copy link

semoal commented May 19, 2024

Sorry for pinging, but this is the only feature missing for us to migrate our entire stack to pgcat instead of pgbouncer

@luss
Copy link

luss commented May 19, 2024 via email

@levkk
Copy link
Collaborator

levkk commented May 19, 2024

Working on 2.0 as we speak. Will have some more news soon.

@AndrewJackson2020
Copy link

Sorry for pinging, but this is the only feature missing for us to migrate our entire stack to pgcat instead of pgbouncer

Same here with me. pgcat has some very useful features that are a huge advantage over pgbouncer but pgbouncer has a lot more options on the auth front. scram-sha-256 is a huge piece of that and would love to see it included in pcat. Has there been any progress on this PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat: SASL client support
10 participants
@rkrishn7 @levkk @ConstBur @Neustradamus @adriangb @mingjunyang @RiverPhillips @semoal @luss @AndrewJackson2020