Greetings,
* Jonathan S. Katz (jkatz@postgresql.org) wrote:
> On 5/24/19 8:33 AM, Stephen Frost wrote:
> > We need to provide better documentation about how to get from md5 to
> > SCRAM, in my view. I'm not sure where that should live, exactly.
> > I really wish we had put more effort into making the migration easy to
> > do over a period of time, and we might actually have to do that before
> > the packagers would be willing to make that change.
>
> +100...I think we should do this regardless, and I was already thinking
> of writing something up around it. I would even suggest that we have
> said password upgrade documentation backpatched to 10.
Not sure that backpatching is necessary, but I'm not actively against
it.
What I was really getting at though was the ability to have multiple
authenticator tokens active concurrently (eg: md5 AND SCRAM), with an
ability to use either one (idk, md5_or_scram auth method?), and then
automatically set both on password change until everything is using
SCRAM and then remove all MD5 stuff.
Or something along those lines. In other words, I'm talking about new
development work to ease the migration (while also providing some oft
asked about features, like the ability to do rolling passwords...).
Thanks,
Stephen
