Re: SCRAM in the PG 10 release notes

On Thu, Sep 21, 2017 at 7:42 AM, Peter Eisentraut <
peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:

> On 9/19/17 20:45, Peter Eisentraut wrote:
> > On 9/19/17 17:55, Jeff Janes wrote:
> >> I guess I'm late to the party, but I don't see why this is needed at
> >> all. We encourage people to use any and all new features which are
> >> appropriate to them--that is why we implement new features. Why does
> >> this feature need a special invitation?
> >
> > It's not clear to me how an average user would get from the press
> > release or release notes to upgrading their installation to use
> > SCRAM-based authentication and passwords. A little bit more guidance
> > somewhere would be helpful.
>
> Here is a patch that expands the SCRAM documentation a bit, adds more
> explanation how the different options are related, and sets some better
> links. I think now you can get from the release notes to the relevant
> documentation and have enough information on how to put the new features
> into use.
>

This looks good to me. Might suggest adding verifying the clients as a
specific step:

"To upgrade an existing installation from md5 to scram-sha-256, verify that
all client software supports it, set password_encryption = 'scram-sha-256'
in postgresql.conf..."

Cheers,

Jeff