
feat: SASL (SCRAM-SHA-256) authentication

Open rkrishn7 opened this issue 1 year ago • 13 comments

This PR implements the SCRAM-SHA-256 SASL mechanism for client <> proxy authentication.

Notes for reviewer:

  • I tried to keep the PR focused and not do too much refactoring. There's definitely opportunity to follow a similar pattern for MD5 authentication and consolidate some code from the scram module. However, it may be best to sequence it out into subsequent PRs for review purposes

Open Questions:

  • The current config setup allows for individual pools to override the general auth config. I wasn't quite sure if this makes sense. Completely open to other ideas

Closes #624

rkrishn7 avatar Oct 30 '23 03:10 rkrishn7

Thank you for this. I'll review it asap.

levkk avatar Nov 08 '23 01:11 levkk

Hey @levkk! Just checking back in here. Do you have an idea of when you'll be able to get to this? Thanks!

rkrishn7 avatar Dec 01 '23 20:12 rkrishn7

Hi. Thank you for the PR. I haven't forgotten about it, I'll try to review it sometime this weekend or early next week. Please feel free to ping me again if I don't get back to you by then.

levkk avatar Dec 01 '23 23:12 levkk

Hi @levkk and @rkrishn7, got any news for this one?

ConstBur avatar Dec 19 '23 21:12 ConstBur

@rkrishn7: Nice!

Any progress on this PR?

Linked to:

  • https://github.com/scram-sasl/info/issues/1

Neustradamus avatar Jan 06 '24 20:01 Neustradamus

Hi! This would be a really nice feature, ➕1 to get this in. Thank you to author and reviewers.

adriangb avatar Jan 29 '24 13:01 adriangb

Hi. All my PostgreSQL databases baseline on scram-sha-256; this feature is very useful.

mingjunyang avatar Mar 20 '24 07:03 mingjunyang

This would be really helpful. Apologies for the ping @levkk but have you been able to review this yet?

RiverPhillips avatar Apr 29 '24 11:04 RiverPhillips

I tried building this PR and testing it and ran into an error when actually using scram-sha-256 on this line here. I think it needs a little more work to get this working with the existing implementation in auth_passthrough.rs

RiverPhillips avatar May 02 '24 15:05 RiverPhillips

Sorry for pinging, but this is the only feature missing for us to migrate our entire stack to pgcat instead of pgbouncer

semoal avatar May 19 '24 15:05 semoal

Is there a beta 2.0 possibly coming out soon?

On Sun, May 19, 2024 at 11:31 AM Sergio Moreno @.***> wrote:

Sorry for pinging, but this is the only feature missing for us to migrate our entire stack to pgcat instead of pgbouncer


luss avatar May 19 '24 17:05 luss

Working on 2.0 as we speak. Will have some more news soon.

levkk avatar May 19 '24 20:05 levkk

Sorry for pinging, but this is the only feature missing for us to migrate our entire stack to pgcat instead of pgbouncer

Same here with me. pgcat has some very useful features that are a huge advantage over pgbouncer, but pgbouncer has a lot more options on the auth front. scram-sha-256 is a huge piece of that and I would love to see it included in pgcat. Has there been any progress on this PR?

AndrewJackson2020 avatar Jun 10 '24 13:06 AndrewJackson2020