Greetings,
* Peter Eisentraut (peter.eisentraut@2ndquadrant.com) wrote:
> On 2020-05-28 18:38, Christoph Berg wrote:
> >Why do I have to decide*in pg_hba.conf* which hash algorithm is used?
> >Why can't that just be "password"?
> >
> >The password_encryption GUC should be the only place concerned with
> >that, and it should only be used for new passwords. Existing passwords
> >should just continue to work.*That* would allow seamless upgrades.
>
> You get that if you set the authentication method to "md5". (Clearly not a
> very clear name, but it exists.)
Yeah, the way that was done really wasn't terribly good.
Having 'password' or such, as Chritoph suggest, and then options for
"require=scram" / "require=scram,md5" / nothing (to allow whatever..)
would likely have been better, but that's not what we've got today so
there isn't much point in debating it here.
Thanks,
Stephen