- 论坛徽章:
- 2
|
Start-up
To begin a session, a frontend opens a connection to the server and sends a startup message. This message includes the names of the user and of the database the user wants to connect to; it also identifies the particular protocol version to be used. (Optionally, the startup message can include additional settings for run-time parameters.)
连接一开始只发送了用户名和数据库名,并没有发送密码。
client不能选择认证方式,也不知道密码是否被需要(比如trust,peer,ident等等)。
The server then uses this information and the contents of its configuration files (such as pg_hba.conf) to determine whether the connection is provisionally acceptable, and what additional authentication is required (if any).
server根据这些信息以及配置来选择是否需要认证,以及应该使用哪种认证方式。
AuthenticationCleartextPassword
The frontend must now send a PasswordMessage containing the password in clear-text form. If this is the correct password, the server responds with an AuthenticationOk, otherwise it responds with an ErrorResponse.
AuthenticationMD5Password
The frontend must now send a PasswordMessage containing the password encrypted via MD5, using the 4-character salt specified in the AuthenticationMD5Password message. If this is the correct password, the server responds with an AuthenticationOk, otherwise it responds with an ErrorResponse.
于是server就可以查询hba并根据md5或password发送不同的认证请求(或者根本就不需要认证请求)。
这时候client再选择密码传输的方式。
相关资料:
Password Authentication
Message Formats
|
|