On 2021-May-10, Bruce Momjian wrote:
> I reworded it to:
>
> <listitem>
> <!--
> Author: Peter Eisentraut <peter@eisentraut.org>
> 2020-06-10 [c7eab0e97] Change default of password_encryption to scram-sha-256
> -->
>
> <para>
> Limit the ways password_encryption can enable md5 hashing (Peter Eisentraut)
> </para>
>
> <para>
> Previously on/true/yes/1 values enabled md5. Now, only the string md5 does this.
> </para>
> </listitem>
>
> I also have this entry:
>
> <listitem>
> <!--
> Author: Peter Eisentraut <peter@eisentraut.org>
> 2020-06-10 [c7eab0e97] Change default of password_encryption to scram-sha-256
> -->
>
> <para>
> Change password_encryption's default to scram-sha-256 (Peter Eisentraut)
> </para>
>
> <para>
> Previously it was md5.
> </para>
> </listitem>
>
> I am hesitant to merge them since they are different changes.

Different? The commit IDs look pretty similar to me, not to say exactly
identical.

Reading these, it's pretty unclear what password_encryption *is* in the
first place. The item should say "the password_encryption server
parameter" -- that's what we have in the pg10 note for precursor commit
eb61136dc.

I would suggest

<para>
Change the default of the password_encryption server parameter to
scram-sha-256.
</para>

<para>
Also, the legacy (and undocumented) boolean-like values which were
previously synonyms of <literal>md5</literal> are no longer accepted.
</para>

--
Álvaro Herrera Valdivia, Chile
"The Gord often wonders why people threaten never to come back after they've
been told never to return" (www.actsofgord.com)
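
The two changes discussed in this thread can be checked against a configuration file before an upgrade. The following is an added example, not part of the thread or of PostgreSQL's own code: the function names are hypothetical, the sample inputs are constructed, and the parsing is a simplified assumption that reads a single file's text and ignores include directives and settings made outside that file.

```python
import re

# Values the release note in this thread lists as former synonyms of md5.
LEGACY_MD5_SYNONYMS = {"on", "true", "yes", "1"}

# Simplified postgresql.conf line: name, optional "=", a bare or
# single-quoted value, optional trailing "#" comment.
_SETTING = re.compile(
    r"^\s*(?P<name>[A-Za-z_][\w.]*)\s*=?\s*"
    r"(?:'(?P<quoted>(?:[^']|'')*)'|(?P<bare>[^\s#']+))\s*(?:#.*)?$"
)


def effective_password_encryption(conf_text):
    """Return the last password_encryption value set in conf_text, or None."""
    value = None
    for line in conf_text.splitlines():
        m = _SETTING.match(line)
        if m and m.group("name").lower() == "password_encryption":
            raw = m.group("quoted") if m.group("quoted") is not None else m.group("bare")
            # Later assignments override earlier ones; compare case-insensitively.
            value = raw.replace("''", "'").strip().lower()
    return value


def classify(conf_text):
    """Describe how the setting is affected by the two changes in the thread."""
    value = effective_password_encryption(conf_text)
    if value is None:
        return "unset: default changes from md5 to scram-sha-256"
    if value in LEGACY_MD5_SYNONYMS:
        return "legacy: boolean-like synonym of md5, no longer accepted"
    if value == "md5":
        return "md5: still accepted, set explicitly"
    if value == "scram-sha-256":
        return "scram-sha-256: matches the new default"
    return "unknown: " + value


if __name__ == "__main__":
    # Constructed sample, not taken from a real server.
    sample = "# auth settings\npassword_encryption = on   # old style\n"
    print(classify(sample))
```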