From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Christoph Berg <myon(at)debian(dot)org>, Devrim Gündüz <devrim(at)gunduz(dot)org>, Craig Ringer <craig(at)2ndquadrant(dot)com>, pgsql-pkg-yum <pgsql-pkg-yum(at)postgresql(dot)org> |
Subject: | Re: Can we stop defaulting to 'ident'? |
Date: | 2020-05-20 15:03:32 |
Message-ID: | 32b7fe66-f0e6-42e5-3c95-7d123e7d7f6d@2ndquadrant.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-pkg-debian pgsql-pkg-yum |
On 2020-05-20 16:57, Stephen Frost wrote:
> Greetings,
>
> * Peter Eisentraut (peter(dot)eisentraut(at)2ndquadrant(dot)com) wrote:
>> Sorry, I should have been more clear. The upstream default of the GUC
>> parameter "password_encryption" is md5.
>
> Which, really, is pretty broken when we're going to be having our
> packagers setting up pg_hba.conf to use scram- at the *very* least it's
> ridiculously misleading because we're going to have SCRAM in pg_hba.conf
> but passwords actually stored as md5 and therefore we won't be getting
> the benefits from SCRAM auth (though it should still work, of course,
> since the SCRAM mode will fall back to working with an md5 password).
Devrim's commit to pgrpms did include a change to the default setting of
password_encryption, so it appears to be correct as far as it goes.
But this leads to other questions, like, what should pg_upgrade do?
These discussions should be had, but perhaps not on the RPM packaging
list the night before the release.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2020-05-20 15:33:37 | Re: Can we stop defaulting to 'ident'? |
Previous Message | Stephen Frost | 2020-05-20 14:57:52 | Re: Can we stop defaulting to 'ident'? |
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2020-05-20 15:33:37 | Re: Can we stop defaulting to 'ident'? |
Previous Message | Peter Eisentraut | 2020-05-20 14:58:56 | Re: Turning on archive_mode by default |