Re: Allow cluster owner to bypass authentication

From: Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Allow cluster owner to bypass authentication
Date: 2019-12-17 06:50:11
Message-ID: CAA8=A7_frFa7MnH770WD+h0fa1i-MVnkNkRoJsid+zhjfCFFWQ@mail.gmail.com
Lists: pgsql-hackers

> > This has been hanging around for a while. I guess the reason it hasn't
> > got much attention is that on its own it's not terribly useful.
> > However, when you consider that it's a sensible prelude to setting a
> > more secure default for auth in initdb (I'd strongly advocate
> > SCRAM-SHA-256 for that) it takes on much more significance.
>
> I'm all for improving the default for auth in initdb, but why wouldn't
> that be peer auth first, followed by SCRAM..? If that's what you're
> suggesting then great, but that wasn't very clear from the email text,
> at least.

What this is suggesting is in effect, for the db owner only and only
on a Unix domain socket, peer auth falling back to whatever is in the
hba file. That makes setting something like scram-sha-256 as the
default more practicable.

If we don't do something like this then changing the default could
cause far more disruption than our users might like.

> I've not done more than glanced at the patch.

That might pay dividends :-)

cheers

andrew

--
Andrew Dunstan https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
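
The behaviour described in this message, modelled as an added example (not code from the patch or from PostgreSQL): peer auth is tried first for the owner on a Unix domain socket, and every other connection falls through to a first-match lookup of the hba rules. The rule set, the `postgres` owner name, the assumption that the owner's OS user and role share that name, and all function and class names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class HbaRule:
    conn_type: str  # "local" = Unix domain socket, "host" = TCP
    database: str   # database name or "all"
    user: str       # role name or "all"
    method: str     # e.g. "peer", "scram-sha-256"

@dataclass(frozen=True)
class Conn:
    conn_type: str
    os_user: Optional[str]  # socket peer credential; None over TCP
    role: str
    database: str

def hba_method(rules, conn):
    """First matching pg_hba.conf-style rule wins; no match is a rejection."""
    for r in rules:
        if (r.conn_type == conn.conn_type
                and r.database in ("all", conn.database)
                and r.user in ("all", conn.role)):
            return r.method
    return "reject"

def effective_auth(rules, conn, cluster_owner):
    """Assumed model: try peer for the owner on a local socket, else use hba."""
    if (conn.conn_type == "local"
            and conn.role == cluster_owner
            and conn.os_user == cluster_owner):
        return "peer"
    return hba_method(rules, conn)

# Constructed rule set: scram-sha-256 as the default everywhere.
SCRAM_DEFAULT = [
    HbaRule("local", "all", "all", "scram-sha-256"),
    HbaRule("host", "all", "all", "scram-sha-256"),
]

if __name__ == "__main__":
    owner = "postgres"  # assumed cluster owner name
    for c in [Conn("local", "postgres", "postgres", "app"),
              Conn("local", "alice", "postgres", "app"),
              Conn("local", "alice", "alice", "app"),
              Conn("host", None, "postgres", "app")]:
        print(c, "->", effective_auth(SCRAM_DEFAULT, c, owner))
```

Only the first connection takes the peer path; a different OS user asking for the owner role, any other role, and any TCP connection all get the method the hba rules select.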
