Expand description
PostgreSQL client-side authentication helpers.
Covers the two mechanisms we need today:
- MD5 (AuthenticationMD5Password, request code 5). Legacy but
still widely deployed. Payload is
"md5" + hex(md5(hex(md5(password + username)) + salt)). - SCRAM-SHA-256 (AuthenticationSASL, mechanism
SCRAM-SHA-256, request code 10). The current PG default.
Both implementations verify the server’s end of the handshake where
the protocol allows it — MD5 has no server-side verifier, SCRAM does
(the server-final message includes v=<server-signature>).
Structs§
- Scram
- SCRAM client state machine. Create with
Scram::client_first, feed the server-first intoclient_final, and feed the server-final intoverify_server. - Scram
Message - Result of one SCRAM step: the opaque bytes to send to the server.
Functions§
- md5_
password_ response - Compute the response payload for
AuthenticationMD5Password.