Re: password_encryption, default and 'plain' support

On 05/03/2017 07:14 PM, Tom Lane wrote:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>> On Wed, May 3, 2017 at 7:31 AM, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> wrote:
>>> So, I propose that we remove support for password_encryption='plain' in
>>> PostgreSQL 10. If you try to do that, you'll get an error.
>
>> I have no idea how widely used that option is.
>
> Is it possible that there are still client libraries that don't support
> password encryption at all? If so, are we willing to break them?
> I'd say "yes" but it's worth thinking about.

That doesn't make sense. The client doesn't even know what
password_encryption is set to. I think you're confusing
password_encryption='plain' with the plaintext "password" authentication
method.

If the server has an MD5 hash stored in pg_authid, the server will ask
the client to do MD5 authentication. If the server has a SCRAM verifier
in pg_authid, it will ask the client to do SCRAM authentication. If the
server has a plaintext password in pg_authid, it will also ask the
client to do SCRAM authentication (it could ask for MD5 authentication,
but as the code stands, it will ask for SCRAM).

The server will only ask the client to do plaintext password
authentication, if you put "password" as the authentication method in
pg_hba.conf. But that works regardless of what password_encryption is
set to.

No, I don't think there's any valid reason to store passwords in
plaintext anymore. In theory, you could use either MD5 or SCRAM
authentication with a plaintext password, which would be an advantage,
but we don't provide an option for that.

- Heikki