yandex / odyssey

Scalable PostgreSQL connection pooler
BSD 3-Clause "New" or "Revised" License

SCRAM authentication with storage_password #284

Open ruimarinho opened 3 years ago

ruimarinho commented 3 years ago

Hi,

While plaintext and md5 work as storage_password, it looks like something like the above doesn't work:

  user "foo" {
    authentication "scram-sha-256"
    storage "postgres_server"
    password "SCRAM-SHA-256$4096:TiXf7clnYPBZXHWwtfP2Ow==$U3Y0Ny4pPX+wa9+LydXLveUaj5CvmwV3h8iz+w6G99c=:ozzuBOWZ6HvvpzJds2mOrW35NlR0oIx7/IZ9a9x3Ees="
    storage_password "SCRAM-SHA-256$4096:KqDiDjtqxZckSqMfXmP7qQ==$GzpeG1gz6M+/34r1duqD/TjvWr9RQHu4wvlYTvijL1M=:PJwD8Uo4vHcmzu/QlSX1yW3st3fzqzU3G48DzfKlE2A="
  }

Here's what the log in debug mode shows:

2021-02-22T00:00:16Z debug [c98317630a516 none] (auth) PasswordMessage
2021-02-22T00:00:16Z debug [c98317630a516 none] (auth) PasswordMessage
2021-02-22T00:00:16Z debug [c98317630a516 sef4f1d11868b] (setup) client 98317630a516 attached to sef4f1d11868b
2021-02-22T00:00:16Z info [c98317630a516 sef4f1d11868b] (setup) new server connection postgres-master:5432 (connect time: 732 usec, resolve time: 582 usec)
2021-02-22T00:00:16Z debug [none sef4f1d11868b] (startup) received packet type: Authentication
2021-02-22T00:00:16Z debug [none sef4f1d11868b] (auth) requested SASL authentication
2021-02-22T00:00:16Z debug [none sef4f1d11868b] (startup) received packet type: Authentication
2021-02-22T00:00:16Z debug [none sef4f1d11868b] (auth) continue SASL authentication
2021-02-22T00:00:16Z debug [none sef4f1d11868b] (startup) received packet type: ErrorResponse
2021-02-22T00:00:16Z error [c98317630a516 sef4f1d11868b] (startup) FATAL 28P01 password authentication failed for user "foo"
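
Added example (not part of the original issue and not Odyssey's code): a Python sketch that parses the `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>` verifier format used in the `password` and `storage_password` values above and checks a candidate password against it, which is one way to confirm which secret a configured verifier encodes. The function names and the constructed salt and password in the test values are assumptions for illustration; passwords are assumed to be ASCII, so SASLprep normalization is skipped.

```python
import base64
import hashlib
import hmac
from typing import NamedTuple

# The `password` value from the configuration in the post above.
PAGE_VERIFIER = ("SCRAM-SHA-256$4096:TiXf7clnYPBZXHWwtfP2Ow==$"
                 "U3Y0Ny4pPX+wa9+LydXLveUaj5CvmwV3h8iz+w6G99c=:"
                 "ozzuBOWZ6HvvpzJds2mOrW35NlR0oIx7/IZ9a9x3Ees=")

class ScramVerifier(NamedTuple):
    iterations: int
    salt: bytes
    stored_key: bytes   # SHA-256(ClientKey)
    server_key: bytes   # HMAC(SaltedPassword, "Server Key")

def parse_verifier(text: str) -> ScramVerifier:
    """Split a verifier string into its fields, rejecting malformed input."""
    try:
        scheme, params, keys = text.split("$")
        iterations, salt_b64 = params.split(":")
        stored_b64, server_b64 = keys.split(":")
        v = ScramVerifier(int(iterations),
                          base64.b64decode(salt_b64, validate=True),
                          base64.b64decode(stored_b64, validate=True),
                          base64.b64decode(server_b64, validate=True))
    except ValueError as exc:  # wrong field count, bad integer, bad base64
        raise ValueError("malformed SCRAM verifier") from exc
    if (scheme != "SCRAM-SHA-256" or v.iterations < 1 or not v.salt
            or len(v.stored_key) != 32 or len(v.server_key) != 32):
        raise ValueError("malformed SCRAM verifier")
    return v

def derive_keys(password: str, salt: bytes, iterations: int):
    """RFC 5802/7677 key derivation; returns (StoredKey, ServerKey)."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return hashlib.sha256(client_key).digest(), server_key

def build_verifier(password: str, salt: bytes, iterations: int = 4096) -> str:
    stored, server = derive_keys(password, salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored)}:{b64(server)}"

def password_matches(v: ScramVerifier, password: str) -> bool:
    """Constant-time check that `password` produces the verifier's keys."""
    stored, server = derive_keys(password, v.salt, v.iterations)
    return (hmac.compare_digest(stored, v.stored_key)
            and hmac.compare_digest(server, v.server_key))
```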

x4m commented 3 years ago

Hi! Thanks for the report. Seems like we do not have tests for this and, as a result, this does not work. This is a bug and will be fixed eventually.

marcbachmann commented 2 years ago

I think this is still an issue. I was only able to get the auth query to work.