| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
| Cc: | Christoph Berg <myon(at)debian(dot)org>, Devrim Gündüz <devrim(at)gunduz(dot)org>, Craig Ringer <craig(at)2ndquadrant(dot)com>, pgsql-pkg-yum <pgsql-pkg-yum(at)postgresql(dot)org> |
| Subject: | Re: Can we stop defaulting to 'md5'? |
| Date: | 2020-05-28 20:08:10 |
| Message-ID: | 20200528200810.GI6680@tamriel.snowman.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-pkg-debian pgsql-pkg-yum |
Greetings,
* Peter Eisentraut (peter(dot)eisentraut(at)2ndquadrant(dot)com) wrote:
> On 2020-05-28 18:38, Christoph Berg wrote:
> >Why do I have to decide*in pg_hba.conf* which hash algorithm is used?
> >Why can't that just be "password"?
> >
> >The password_encryption GUC should be the only place concerned with
> >that, and it should only be used for new passwords. Existing passwords
> >should just continue to work.*That* would allow seamless upgrades.
>
> You get that if you set the authentication method to "md5". (Clearly not a
> very clear name, but it exists.)
Yeah, the way that was done really wasn't terribly good.
Having 'password' or such, as Chritoph suggest, and then options for
"require=scram" / "require=scram,md5" / nothing (to allow whatever..)
would likely have been better, but that's not what we've got today so
there isn't much point in debating it here.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christoph Berg | 2020-05-28 20:11:22 | Re: Can we stop defaulting to 'md5'? |
| Previous Message | Peter Eisentraut | 2020-05-28 20:05:40 | Re: Can we stop defaulting to 'md5'? |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christoph Berg | 2020-05-28 20:11:22 | Re: Can we stop defaulting to 'md5'? |
| Previous Message | Peter Eisentraut | 2020-05-28 20:05:40 | Re: Can we stop defaulting to 'md5'? |