| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: sunsetting md5 password support |
| Date: | 2024-10-16 15:30:11 |
| Message-ID: | Zw_cAwYO5bhaku3k@nathan |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Oct 11, 2024 at 04:36:27PM -0500, Nathan Bossart wrote:
> Here is a first attempt at a patch for marking MD5 passwords as deprecated.
> It's quite bare-bones at the moment, so I anticipate future revisions will
> add more content. Besides sprinkling several deprecation notices
> throughout the documentation, this patch teaches CREATE ROLE and ALTER ROLE
> to emit warnings when setting MD5 passwords. A new GUC named
> md5_password_warnings can be set to "off" to disable these warnings. I
> considered adding even more warnings (e.g., when authenticating), but I
> felt that would be far too noisy.
In v2, I've added an entry for the new md5_password_warnings GUC to the
documentation, and I've simplified the passwordcheck test changes a bit.
--
nathan
| Attachment | Content-Type | Size |
|---|---|---|
| v2-0001-Deprecate-MD5-passwords.patch | text/plain | 17.0 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jacob Champion | 2024-10-16 15:30:56 | Re: Add support to TLS 1.3 cipher suites and curves lists |
| Previous Message | Tomas Vondra | 2024-10-16 15:09:13 | Re: BitmapHeapScan streaming read user and prelim refactoring |