From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Christoph Berg <myon(at)debian(dot)org>, Devrim Gündüz <devrim(at)gunduz(dot)org>, Craig Ringer <craig(at)2ndquadrant(dot)com>, pgsql-pkg-yum <pgsql-pkg-yum(at)postgresql(dot)org> |
Subject: | Re: Can we stop defaulting to 'ident'? |
Date: | 2019-12-20 15:06:44 |
Message-ID: | 20191220150644.GO3195@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-pkg-debian pgsql-pkg-yum |
Greetings,
* Christoph Berg (myon(at)debian(dot)org) wrote:
> Re: Devrim Gündüz 2019-12-20 <77df509da61adaebca6c5f0451f1c1616f1faa45(dot)camel(at)gunduz(dot)org>
> > > but I think it's pretty unhelpful. At least if we used 'md5' the user could
> > > set passwords and have them actually work.
> >
> > IMHO the only alternative could be "trust", because I am not holding my breath
> > for the majority of our users to be able to setup a password that easily
> > (yeah). I'm also not inclined to setup a default password for RPM installations
> > (and also RPMs must not do any interactive work, like asking for a password)
>
> Fwiw, the Debian packages have been using md5 forever, and do not set
> a password either. People seem to be able to set a password
> themselves. I've never heard any complaint about it. (Except for some
> poking that scram might be better.)
SCRAM is *definitely* better and I strongly support us moving to it,
provided it doesn't break anything existing (which it generally
shouldn't... but maybe there's some weird edge cases, or possibly older
clients, but still, at some point, we need to move this default to be
SCRAM).
That said- we should be using peer for local unix sockets and SCRAM for
host-based password (local or not...), and ident needs to just die.
Thanks,
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Christoph Berg | 2019-12-20 15:15:35 | Re: Can we stop defaulting to 'ident'? |
Previous Message | apt.postgresql.org Repository Update | 2019-12-20 12:44:18 | pgbackrest updated to version 2.20-1.pgdg+1 |
From | Date | Subject | |
---|---|---|---|
Next Message | Christoph Berg | 2019-12-20 15:15:35 | Re: Can we stop defaulting to 'ident'? |
Previous Message | Devrim Gündüz | 2019-12-20 11:57:38 | Re: Build process documentation? Also patches to make it easier to build individual packages |