On Wed, May 12, 2021 at 06:19:28PM -0400, Álvaro Herrera wrote:
> > I am hesitant to merge them since they are different changes.
>
> Different? The commit IDs look pretty similar to me, not to say exactly
> identical.
>
> Reading these, it's pretty unclear what password_encryption *is* in the
> first place. The item should say "the password_encryption server
> parameter" -- that's what we have in the pg10 note for precursor commit
> eb61136dc.
>
> I would suggest
>
> <para>
> Change the default of the password_encryption server parameter to
> scram-sha-256.
> </para>
>
> <para>
> Also, the legacy (and undocumented) boolean-like values which were
> previously synonyms of <literal>md5</literal> are no longer accepted.
> </para>
OK, updated text:
<listitem>
<!--
Author: Peter Eisentraut <peter@eisentraut.org>
2020-06-10 [c7eab0e97] Change default of password_encryption to scram-sha-256
-->
<para>
Change the default of the password_encryption server parameter
to scram-sha-256 (Peter Eisentraut)
</para>
<para>
Previously it was md5. All new passwords will be stored as SHA256
unless this server variable is changed or the password is already
md5-hashed. Also, the legacy (and undocumented) boolean-like
values which were previously synonyms of <literal>md5</literal>
are no longer accepted.
</para>
</listitem>
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
If only the physical world exists, free will is an illusion.
