From: | "Jonathan S(dot) Katz" <jkatz(at)postgresql(dot)org> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, Joe Conway <mail(at)joeconway(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>, Noah Misch <noah(at)leadboat(dot)com> |
Subject: | Re: initdb recommendations |
Date: | 2019-05-24 13:13:42 |
Message-ID: | 830f9986-9665-b279-a679-787c93d1df51@postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-docs pgsql-hackers |
On 5/24/19 9:01 AM, Stephen Frost wrote:
> Greetings,
>
> * Jonathan S. Katz (jkatz(at)postgresql(dot)org) wrote:
>> On 5/24/19 8:33 AM, Stephen Frost wrote:
>>> We need to provide better documentation about how to get from md5 to
>>> SCRAM, in my view. I'm not sure where that should live, exactly.
>>> I really wish we had put more effort into making the migration easy to
>>> do over a period of time, and we might actually have to do that before
>>> the packagers would be willing to make that change.
>>
>> +100...I think we should do this regardless, and I was already thinking
>> of writing something up around it. I would even suggest that we have
>> said password upgrade documentation backpatched to 10.
>
> Not sure that backpatching is necessary, but I'm not actively against
> it.
Well, for someone who wants to cut over and has to manually guide the
process, a guide will help in absence of new development.
>
> What I was really getting at though was the ability to have multiple
> authenticator tokens active concurrently (eg: md5 AND SCRAM), with an
> ability to use either one (idk, md5_or_scram auth method?), and then
> automatically set both on password change until everything is using
> SCRAM and then remove all MD5 stuff.
>
> Or something along those lines. In other words, I'm talking about new
> development work to ease the migration (while also providing some oft
> asked about features, like the ability to do rolling passwords...).
Cool, I have been thinking about a similar feature as well to help ease
the transition (and fwiw was going to suggest it in my previous email).
I think an interim step at least is to document how we can at least help
ease the transition.
Thanks,
Jonathan
From | Date | Subject | |
---|---|---|---|
Next Message | Heikki Linnakangas | 2019-05-24 13:49:30 | Re: initdb recommendations |
Previous Message | Joe Conway | 2019-05-24 13:01:35 | Re: initdb recommendations |
From | Date | Subject | |
---|---|---|---|
Next Message | David Rowley | 2019-05-24 13:33:05 | Re: Excessive memory usage in multi-statement queries w/ partitioning |
Previous Message | Joe Conway | 2019-05-24 13:01:35 | Re: initdb recommendations |