On Sat, Jun 23, 2007 at 12:02:43PM -0400, Tom Lane wrote:
> Magnus Hagander <magnus@hagander.net> writes:
> >> One thing I've thought about doing is to remove the default in initdb
> >> completely and *force* the user to choose auth type. Packagers can
> >> then just use that to set ident or whatever. and interactive users
> >> can pick trust if they really need it, but it will be a known choice.
>
> > Since nobody comemnted on this, let me turn it around and ask: Does
> > anybody have any reason *not* to do this?
>
> I'll object if no one else does: this will break existing installation
> habits and processes to no real benefit.
>
> regards, tom lane
>
I agree with Tom on this. We have a number of install and provisioning
scripts that would become ridiculously convoluted and problematic if the
default is changed from trust. It is not unreasonable to expect a certain
degree of competence from anyone running a database server. Our default
postgresql install script asks for a system password and sets everything
to md5. If the user knows enough to stray from the default install, they
are assumed to know enough to keep out of trouble.
Cheers,
Ken
