author | Peter Eisentraut <peter_e@gmx.net> | 2017-12-18 18:05:24 -0500 |
---|---|---|
committer | Peter Eisentraut <peter_e@gmx.net> | 2017-12-19 10:12:36 -0500 |
commit | 4bbf110d2fb4f74b9385bd5a521f824dfa5f15ec (patch) | |
tree | b09d54898a8c006c0ff4964c0bb0d22489b96d14 /doc/src | |
parent | ab9e0e718acb9ded7e4c4b5cedc1d410690ea6ba (diff) |
Add libpq connection parameter "scram_channel_binding"

This parameter can be used to enforce the channel binding type used
during a SCRAM authentication. This can be useful to check code paths
where an invalid channel binding type is used by a client and will be
even more useful to allow testing other channel binding types when they
are added.

The default value is tls-unique, which is what RFC 5802 specifies.
Clients can optionally specify an empty value, which has as effect to
not use channel binding and use SCRAM-SHA-256 as chosen SASL mechanism.

More tests for SCRAM and channel binding are added to the SSL test
suite.

Author: Michael Paquier <michael.paquier@gmail.com>
Diffstat (limited to 'doc/src')
-rw-r--r-- | doc/src/sgml/libpq.sgml | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 4703309254a..4e4645136c6 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -1222,6 +1222,30 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname </listitem> </varlistentry> + <varlistentry id="libpq-scram-channel-binding" xreflabel="scram_channel_binding"> + <term><literal>scram_channel_binding</literal></term> + <listitem> + <para> + Specifies the channel binding type to use with SCRAM authentication. + The list of channel binding types supported by server are listed in + <xref linkend="sasl-authentication"/>. An empty value specifies that + the client will not use channel binding. The default value is + <literal>tls-unique</literal>. + </para> + + <para> + Channel binding is only supported on SSL connections. If the + connection is not using SSL, then this setting is ignored. + </para> + + <para> + This parameter is mainly intended for protocol testing. In normal + use, there should not be a need to choose a channel binding type other + than the default one. + </para> + </listitem> + </varlistentry> + <varlistentry id="libpq-connect-sslmode" xreflabel="sslmode"> <term><literal>sslmode</literal></term> <listitem> |
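Review bot: The first <para> of the new scram_channel_binding entry says an empty value means "the client will not use channel binding" but omits what the commit message states, that the client then uses SCRAM-SHA-256 as the chosen SASL mechanism; adding that sentence to the documentation would tell readers which mechanism is negotiated in each case. The second <para> says the setting is ignored when the connection is not using SSL, so a client that leaves the default tls-unique gets no binding and no error in that case; the text should state that this parameter does not itself require SSL and refer the reader to the sslmode entry that follows. Wording nit in the first <para>: "The list of channel binding types supported by server are listed in" reads better as "The channel binding types supported by the server are listed in".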