| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>, Pg Docs <pgsql-docs(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: initdb recommendations |
| Date: | 2019-04-08 12:25:07 |
| Message-ID: | 0258afa0-db19-3694-d34b-7f6b33ae81d0@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs pgsql-hackers |
On 2019-04-05 18:11, Jonathan S. Katz wrote:
> + <para>
> + We recommend using the <option>-W</option>, <option>--pwprompt</option>,
> + or <option>--pwfile</option> flags to assign a password to the database
> + superuser, and to override the <filename>pg_hba.conf</filename> default
> + generation using <option>-auth-local peer</option> for local connections,
> + and <option>-auth-host scram-sha-256</option> for remote connections. See
> + <xref linkend="client-authentication"/> for more information on client
> + authentication methods.
> + </para>
As discussed on hackers, we are not ready to support scram-sha-256 out
of the box. So this advice, or any similar advice elsewhere, would need
to recommend "md5" as the setting --- which would probably be embarrassing.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jonathan S. Katz | 2019-04-08 12:41:04 | Re: initdb recommendations |
| Previous Message | PG Doc comments form | 2019-04-06 18:59:27 | How to query the underlying dictionary i.e. inverse of ts_lexize() |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2019-04-08 12:34:46 | Re: Pluggable Storage - Andres's take |
| Previous Message | Peter Eisentraut | 2019-04-08 12:19:46 | Re: change password_encryption default to scram-sha-256? |