On 5/23/19 6:47 PM, Jonathan S. Katz wrote:
> On 5/23/19 12:54 PM, Peter Eisentraut wrote:
>> On 2019-04-06 20:08, Noah Misch wrote:
>>>>> I think we should just change the defaults. There is a risk of warning
>>>>> fatigue. initdb does warn about this, so anyone who cared could have
>>>>> gotten the information.
>>>>>
>>>>
>>>> I've been suggesting that for years, so definite strong +1 for doing that.
>>>
>>> +1
>>
>> To recap, the idea here was to change the default authentication methods
>> that initdb sets up, in place of "trust".
>>
>> I think the ideal scenario would be to use "peer" for local and some
>> appropriate password method (being discussed elsewhere) for host.
>
> +1.
>
>> Looking through the buildfarm, I gather that the only platforms that
>> don't support peer are Windows, AIX, and HP-UX. I think we can probably
>> figure out some fallback or alternative default for the latter two
>> platforms without anyone noticing. But what should the defaults be on
>> Windows? It doesn't have local sockets, so the lack of peer wouldn't
>> matter. But is it OK to default to a password method, or would that
>> upset people particularly?
>
> +1 for password method. Definitely better than trust :)
Attached is v2 of the patch.
For now I have left in the password based method to be scram-sha-256 as
I am optimistic about the support across client drivers[1] (and FWIW I
have an implementation for crystal-pg ~60% done).
However, this probably means we would need to set the default password
encryption guc to "scram-sha-256" which we're not ready to do yet, so it
may be moot to leave it in.
So, thinking out loud about that, we should probably use "md5" and once
we decide to make the encryption method "scram-sha-256" by default, then
we update the recommendation?
Thanks,
Jonathan
