feat: implement md5 authentication (!57) · Merge requests · core / tarantool

Maksim Kaitmazian requested to merge implement-md5-auth-method into picodata-submodule Jun 02, 2023

md5 authentication prevents password sniffing and avoids storing passwords on the server in plain text but provides no protection if an attacker manages to steal the password hash from the server.

Usage example:

-- Enable the md5 authentication method for all new users.
box.cfg({auth_type = 'md5'})

-- Reset existing user passwords to use the md5 authentication method.
box.schema.user.passwd('alice', 'topsecret')

-- Authenticate using the md5 authentication method via net.box.
conn = require('net.box').connect(uri, {
    user = 'alice',
    password = 'topsecret',
    -- Specifying the authentication method isn't strictly necessary:
    -- by default the client will use the method set in the remote
	-- server config (box.cfg.auth_type)
    auth_type = 'md5',
})

part of picodata/picodata/sbroad!377

feat: implement md5 authentication

Merge request reports