Re: password_encryption default

From: "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org>
To: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Vik Fearing <vik(at)postgresfriends(dot)org>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: password_encryption default
Date: 2020-05-25 15:57:19
Message-ID: 3c6509e5-1d3d-423f-08b5-fc50df89c9e6@postgresql.org
Lists: pgsql-hackers

On 5/25/20 5:45 AM, Peter Eisentraut wrote:
> On 2020-05-22 23:23, Jonathan S. Katz wrote:
>>> Yeah.  But there's still something to Jonathan's argument, because 9.6
>>> will go EOL in November 2021, which is pretty close to when v14 will
>>> reach public release (assuming we can hold to the typical schedule).
>>> If we do it in v13, there'll be a full year where still-supported
>>> versions of PG can't do SCRAM, implying that clients would likely
>>> fail to connect to an up-to-date server.
>>
>> ^ that's what I meant.
>
> Here is a proposed patch for PG14 then.

This makes me happy :D

I took a look over, it looks good. One question on the initdb.c diff:

- if (strcmp(authmethodlocal, "scram-sha-256") == 0 ||
- strcmp(authmethodhost, "scram-sha-256") == 0)
- {
- conflines = replace_token(conflines,
- "#password_encryption = md5",
- "password_encryption = scram-sha-256");
- }
-
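Review bot: once this block is removed, nothing in the visible initdb.c lines ties password_encryption to authmethodlocal or authmethodhost, so the "md5" case is not handled explicitly either way. The removed replace_token call also matched the literal sample line "#password_encryption = md5", so any inverse handling would have to match whatever commented default the sample configuration carries after the change. Either add the inverse replacement keyed on strcmp(authmethodlocal, "md5") and strcmp(authmethodhost, "md5"), or say in the commit message and the initdb documentation that leaving password_encryption at its default for an md5 auth method is intended.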

Would we reverse this, i.e. if someone chooses authmethodlocal to be
"md5", we would then set "password_encryption = md5"?

Thanks,

Jonathan
