Re: Can we stop defaulting to 'ident'?

On 2020-05-20 17:03, Peter Eisentraut wrote:
> On 2020-05-20 16:57, Stephen Frost wrote:
>> Greetings,
>>
>> * Peter Eisentraut (peter(dot)eisentraut(at)2ndquadrant(dot)com) wrote:
>>> Sorry, I should have been more clear. The upstream default of the GUC
>>> parameter "password_encryption" is md5.
>>
>> Which, really, is pretty broken when we're going to be having our
>> packagers setting up pg_hba.conf to use scram- at the *very* least it's
>> ridiculously misleading because we're going to have SCRAM in pg_hba.conf
>> but passwords actually stored as md5 and therefore we won't be getting
>> the benefits from SCRAM auth (though it should still work, of course,
>> since the SCRAM mode will fall back to working with an md5 password).
>
> Devrim's commit to pgrpms did include a change to the default setting of
> password_encryption, so it appears to be correct as far as it goes.

I found that if you use initdb's -A option to set the default
authentication method, then the passsword_encryption setting is
automatically adjusted in postgresql.conf. So this patch probably isn't
even necessary.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services