From: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Cc: | Noah Misch <noah(at)leadboat(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net> |
Subject: | Re: initdb recommendations |
Date: | 2019-05-23 22:47:04 |
Message-ID: | 81b36e8b-e27b-ab5d-c4f0-6493771bc0ee@postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-docs pgsql-hackers |
On 5/23/19 12:54 PM, Peter Eisentraut wrote:
> On 2019-04-06 20:08, Noah Misch wrote:
>>>> I think we should just change the defaults. There is a risk of warning
>>>> fatigue. initdb does warn about this, so anyone who cared could have
>>>> gotten the information.
>>>>
>>>
>>> I've been suggesting that for years, so definite strong +1 for doing that.
>>
>> +1
>
> To recap, the idea here was to change the default authentication methods
> that initdb sets up, in place of "trust".
>
> I think the ideal scenario would be to use "peer" for local and some
> appropriate password method (being discussed elsewhere) for host.
+1.
> Looking through the buildfarm, I gather that the only platforms that
> don't support peer are Windows, AIX, and HP-UX. I think we can probably
> figure out some fallback or alternative default for the latter two
> platforms without anyone noticing. But what should the defaults be on
> Windows? It doesn't have local sockets, so the lack of peer wouldn't
> matter. But is it OK to default to a password method, or would that
> upset people particularly?
+1 for password method. Definitely better than trust :)
Jonathan
From | Date | Subject | |
---|---|---|---|
Next Message | Jonathan S. Katz | 2019-05-24 00:13:54 | Re: initdb recommendations |
Previous Message | Tobias Bussmann | 2019-05-23 21:50:12 | Docs for Generated Columns |
From | Date | Subject | |
---|---|---|---|
Next Message | Mark Dilger | 2019-05-23 22:47:11 | Re: Question about BarrierAttach spinlock |
Previous Message | Tom Lane | 2019-05-23 22:45:19 | Re: ClosePipeStream failure ignored in pg_import_system_collations |