Re: GSSAPI, SSPI - include_realm default

Bruce,

* Bruce Momjian (bruce(at)momjian(dot)us) wrote:
> On Tue, Dec 9, 2014 at 05:38:25PM -0500, Stephen Frost wrote:
> > > My comment that include_realm is supported back to 8.4 was because there
> > > is an expectation that a pg_hba.conf file can be used unchanged across
> > > several major releases. So when 9.5 comes out and people update their
> > > pg_hba.conf files for 9.5, those files will still work in old releases.
> > > But the time to do those updates is then, not now.
> >
> > The back-branches are being patched to discourage using the default
> > because it's not a secure approach. New users start using PG all the
> > time and so changing the existing documentation is worthwhile to ensure
> > those new users understand. A note in the release notes for whichever
> > minor release the change to the documentation shows up in would be a
> > good way to make existing users aware of the change and hopefully
> > encourage them to review their configuration.
> >
> > If we don't agree that the change should be made then we can discuss
> > that, but everyone commenting so far has agreed on the change.
>
> Where are we on this?

Thanks for the reminder. I've not forgotten about it and will work on
crafting language in the next week or so.

Thanks again!

Stephen