Magnus Hagander <magnus@hagander.net> writes:
> On Thu, Nov 18, 2010 at 19:21, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> I thought the proposal on the table was to add "peer" (or some other
>> name) to refer to the unix-socket auth method, and use that term
>> preferentially in the docs, while continuing to accept "ident" as an
>> old name for it. �Is that really too confusing?
> Yes, that's the current proposal - and also have the system log that
> "ident is deprecated, use peer" when it's found in the files.
Personally I could do without that little frammish. We don't issue
wrist-slaps for other obsolete usages; why single out this one?
It's also warning about the wrong thing. IMO the real subtext to this
discussion is that we're afraid people are using ident-over-TCP
insecurely because they've confused it with ident-over-socket.
Which is a legitimate concern, but issuing warnings about
ident-over-socket configurations will accomplish nothing whatsoever
to wake up the guy at risk, because he's not using one. It will only
make us look like pedantic nannies annoying people whose configurations
are perfectly fine.
regards, tom lane
