Re: Can we stop defaulting to 'ident'?

From: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Christoph Berg <myon(at)debian(dot)org>, Devrim Gündüz <devrim(at)gunduz(dot)org>, Craig Ringer <craig(at)2ndquadrant(dot)com>, pgsql-pkg-yum <pgsql-pkg-yum(at)postgresql(dot)org>
Subject: Re: Can we stop defaulting to 'ident'?
Date: 2020-05-20 15:03:32
Message-ID: 32b7fe66-f0e6-42e5-3c95-7d123e7d7f6d@2ndquadrant.com
Lists: pgsql-pkg-debian pgsql-pkg-yum

On 2020-05-20 16:57, Stephen Frost wrote:
> Greetings,
>
> * Peter Eisentraut (peter(dot)eisentraut(at)2ndquadrant(dot)com) wrote:
>> Sorry, I should have been more clear. The upstream default of the GUC
>> parameter "password_encryption" is md5.
>
> Which, really, is pretty broken when we're going to be having our
> packagers setting up pg_hba.conf to use scram- at the *very* least it's
> ridiculously misleading because we're going to have SCRAM in pg_hba.conf
> but passwords actually stored as md5 and therefore we won't be getting
> the benefits from SCRAM auth (though it should still work, of course,
> since the SCRAM mode will fall back to working with an md5 password).

Devrim's commit to pgrpms did include a change to the default setting of
password_encryption, so it appears to be correct as far as it goes.

But this leads to other questions, like, what should pg_upgrade do?

These discussions should be had, but perhaps not on the RPM packaging
list the night before the release.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
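
An added example, not part of the original message and not PostgreSQL or packaging code: a Python sketch that flags the mismatch discussed above, roles whose stored verifier is still md5 while pg_hba.conf names scram-sha-256. The pg_hba.conf text and the role rows are constructed sample data (rows shaped like SELECT rolname, rolpassword FROM pg_authid), and the function names are hypothetical.

```python
import re

# Method keywords that can appear in a pg_hba.conf record.
HBA_METHODS = {"trust", "reject", "md5", "scram-sha-256", "password", "gss",
               "sspi", "ident", "peer", "ldap", "radius", "cert", "pam", "bsd"}
MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")
B64 = r"[A-Za-z0-9+/=]+"
SCRAM_RE = re.compile(rf"^SCRAM-SHA-256\$\d+:{B64}\${B64}:{B64}$")

def hba_methods(text):
    """Return the auth method of each record (simplified: no quoted fields)."""
    methods = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        # local: type db user method; host*: type db user address [mask] method
        start = 3 if fields[0] == "local" else 4
        for token in fields[start:start + 2]:
            if token in HBA_METHODS:
                methods.append(token)
                break
    return methods

def verifier_kind(rolpassword):
    """Classify a pg_authid.rolpassword value by its storage format."""
    if rolpassword is None:
        return "none"
    if MD5_RE.match(rolpassword):
        return "md5"
    if SCRAM_RE.match(rolpassword):
        return "scram-sha-256"
    return "other"

def audit(hba_text, roles):
    """Roles holding md5 verifiers while pg_hba.conf names scram-sha-256."""
    if "scram-sha-256" not in hba_methods(hba_text):
        return []
    return sorted(name for name, pw in roles if verifier_kind(pw) == "md5")

# Constructed sample input, not taken from any real system.
SAMPLE_HBA = """# TYPE DATABASE USER ADDRESS METHOD
local all all peer
host  all all 127.0.0.1/32 scram-sha-256
host  all all 10.0.0.0 255.0.0.0 md5
"""
SAMPLE_ROLES = [("app", "md5" + "0123456789abcdef" * 2), ("nologin_role", None),
                ("alice", "SCRAM-SHA-256$4096:c2FsdA==$c3RvcmVk:c2VydmVy"),
                ("batch", "md5" + "fedcba9876543210" * 2)]

if __name__ == "__main__":
    print(audit(SAMPLE_HBA, SAMPLE_ROLES))
```

Changing password_encryption affects only passwords set afterwards, so each role listed keeps its md5 verifier until its password is set again.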
