feat: implement md5 authentication (!70) · Merge requests · core / tarantool

Maksim Kaitmazian requested to merge md5-auth-method into 2.11.0-picodata Jun 29, 2023

NOTE: its already reviewed and merged to another branch.

It prevents password sniffing and avoids storing passwords on the server in plain text but provides no protection if an attacker manages to steal the password hash from the server.

Usage example:

-- Enable the md5 authentication method for all new users.
box.cfg({auth_type = 'md5'})

-- Reset existing user passwords to use the md5 authentication method.
box.schema.user.passwd('alice', 'topsecret')

-- Authenticate using the md5 authentication method via net.box.
conn = require('net.box').connect(uri, {
    user = 'alice',
    password = 'topsecret',
    -- Specifying the authentication method isn't strictly necessary:
    -- by default the client will use the method set in the remote
        -- server config (box.cfg.auth_type)
    auth_type = 'md5',
})

Edited Jun 29, 2023 by Maksim Kaitmazian

feat: implement md5 authentication

Merge request reports