On 2020-05-20 15:40, Christoph Berg wrote:
> Re: Peter Eisentraut
>> The upstream default is still to use md5 passwords by default, and some
>> deliberation has gone into that to keep it that way. So it would make sense
>> to have the RPMs also do that. The Debian packages also still use md5.
>> Some consistency across the board would be good. Otherwise it will be very
>> confusing for users if everyone just goes into their own direction.
>
> The upstream initdb default is still 'trust', but everyone agrees that
> it's good that distributions are changing that so something more
> secure, so we are already disconnected from the "true" default here.
Sorry, I should have been more clear. The upstream default of the GUC
parameter "password_encryption" is md5.
It is understood that the default client authentication method can be
changed downstream.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services