On 2019-04-06 20:08, Noah Misch wrote:
>>> I think we should just change the defaults. There is a risk of warning
>>> fatigue. initdb does warn about this, so anyone who cared could have
>>> gotten the information.
>>>
>>
>> I've been suggesting that for years, so definite strong +1 for doing that.
>
> +1
To recap, the idea here was to change the default authentication methods
that initdb sets up, in place of "trust".
I think the ideal scenario would be to use "peer" for local and some
appropriate password method (being discussed elsewhere) for host.
Looking through the buildfarm, I gather that the only platforms that
don't support peer are Windows, AIX, and HP-UX. I think we can probably
figure out some fallback or alternative default for the latter two
platforms without anyone noticing. But what should the defaults be on
Windows? It doesn't have local sockets, so the lack of peer wouldn't
matter. But is it OK to default to a password method, or would that
upset people particularly?
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
