On 9/19/17 20:45, Peter Eisentraut wrote:
> On 9/19/17 17:55, Jeff Janes wrote:
>> I guess I'm late to the party, but I don't see why this is needed at
>> all. We encourage people to use any and all new features which are
>> appropriate to them--that is why we implement new features. Why does
>> this feature need a special invitation?
>
> It's not clear to me how an average user would get from the press
> release or release notes to upgrading their installation to use
> SCRAM-based authentication and passwords. A little bit more guidance
> somewhere would be helpful.
Here is a patch that expands the SCRAM documentation a bit, adds more explanation of how the different options are related, and sets some better links. I think now you can get from the release notes to the relevant documentation and have enough information on how to put the new features into use.
This looks good to me. Might suggest adding verifying the clients as a specific step:
"To upgrade an existing installation from md5 to scram-sha-256, verify that all client software supports it, set password_encryption = 'scram-sha-256' in postgresql.conf..."
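
An added example, not part of the thread or of the PostgreSQL patch: setting password_encryption only affects passwords set afterwards, so an upgrade from md5 also needs a check of which roles still hold an md5 verifier. The sketch classifies stored values by format; it assumes the rows come from `SELECT rolname, rolpassword FROM pg_authid`, and the role names, passwords and salt below are constructed sample data.

```python
import base64, hashlib, hmac, re

MD5_RE = re.compile(r"md5[0-9a-f]{32}")
SCRAM_RE = re.compile(r"SCRAM-SHA-256\$(\d+):([^$:]+)\$([^$:]+):([^$:]+)")

def md5_verifier(password, role):
    # Legacy format: "md5" + hex(md5(password || role name)).
    return "md5" + hashlib.md5((password + role).encode()).hexdigest()

def scram_verifier(password, salt, iterations=4096):
    # RFC 5802 keys; ASCII password assumed, so SASLprep is a no-op here.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda b: base64.b64encode(b).decode()
    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"

def classify(rolpassword):
    # Decide which verifier format a stored rolpassword value uses.
    if rolpassword is None:
        return "no-password"
    if MD5_RE.fullmatch(rolpassword):
        return "md5"
    m = SCRAM_RE.fullmatch(rolpassword)
    if m:
        try:
            keys = [base64.b64decode(m.group(i), validate=True) for i in (3, 4)]
        except ValueError:
            return "unrecognized"
        if all(len(k) == 32 for k in keys):  # StoredKey and ServerKey are SHA-256 sized
            return "scram-sha-256"
    return "unrecognized"

def roles_still_md5(rows):
    # Roles whose password must be set again after password_encryption is changed.
    return sorted(role for role, pw in rows if classify(pw) == "md5")

# Constructed sample rows standing in for (rolname, rolpassword) from pg_authid.
SAMPLE_ROWS = [
    ("app_legacy", md5_verifier("constructed-pw-1", "app_legacy")),
    ("app_new", scram_verifier("constructed-pw-2", b"constructed-salt")),
    ("reporting", md5_verifier("constructed-pw-3", "reporting")),
    ("nologin_owner", None),
]

if __name__ == "__main__":
    for role, pw in SAMPLE_ROWS:
        print(f"{role:15} {classify(pw)}")
    print("need new password:", roles_still_md5(SAMPLE_ROWS))
```
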