Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> (Personally I think there's a very good case for completely ripping out
> RFC1413 ident auth. I've not seen it used in a great long while, and
> it's always been a security risk.)
FWIW, I agree with that --- or at least making it a not-built-by-default
option.
Probably the right time to make any such changes is at the same time
we add the proposed more-secure-than-MD5 password option.
regards, tom lane