Re: initdb recommendations

On Thu, May 23, 2019, 18:54 Peter Eisentraut <
peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:

> On 2019-04-06 20:08, Noah Misch wrote:
> >>> I think we should just change the defaults. There is a risk of warning
> >>> fatigue. initdb does warn about this, so anyone who cared could have
> >>> gotten the information.
> >>>
> >>
> >> I've been suggesting that for years, so definite strong +1 for doing
> that.
> >
> > +1
>
> To recap, the idea here was to change the default authentication methods
> that initdb sets up, in place of "trust".
>
> I think the ideal scenario would be to use "peer" for local and some
> appropriate password method (being discussed elsewhere) for host.
>
> Looking through the buildfarm, I gather that the only platforms that
> don't support peer are Windows, AIX, and HP-UX. I think we can probably
> figure out some fallback or alternative default for the latter two
> platforms without anyone noticing. But what should the defaults be on
> Windows? It doesn't have local sockets, so the lack of peer wouldn't
> matter. But is it OK to default to a password method, or would that
> upset people particularly?
>

I'm sure password would be fine there. It's what "everybody else" does
(well sqlserver also cord integrated security, but people are used to it).

/Magnus