| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | Greg Sabino Mullane <htamfids(at)gmail(dot)com> |
| Cc: | Jim Nasby <jnasby(at)upgrade(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: sunsetting md5 password support |
| Date: | 2024-11-20 01:55:04 |
| Message-ID: | Zz1BeHjbHECYENmO@nathan |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Nov 19, 2024 at 07:29:27PM -0500, Greg Sabino Mullane wrote:
> I just took a fresh look at / compiled this patch, and it all works as
> advertised. My one minor nit is this hint:
>
> HINT: Refer to the PostgreSQL documentation for details about migrating to
> another password type.
>
> We don't really have that in the docs, as near as I can tell, the closest
> is 20.5 which says "make all users set new passwords, and change the
> authentication method specifications in pg_hba.conf to scram-sha-256."
> Maybe that's enough?
That was my initial thinking. I think we have a few other options:
* Expand the documentation. Perhaps we could add a step-by-step guide for
migrating to SCRAM-SHA-256 since more users will need to do so when MD5
password support is removed.
* Remove the hint. It's arguably doing little more than pointing out the
obvious, and it doesn't actually tell users where in the documentation to
look for this information, anyway.
* Both of the above.
WDYT?
--
nathan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2024-11-20 02:09:36 | Re: Converting SetOp to read its two inputs separately |
| Previous Message | Greg Sabino Mullane | 2024-11-20 01:38:39 | Re: Proposals for EXPLAIN: rename ANALYZE to EXECUTE and extend VERBOSE |