Re: PATCH: warn about, and deprecate, clear text passwords - Mailing list pgsql-hackers

From Isaac Morland
Subject Re: PATCH: warn about, and deprecate, clear text passwords
Date
Msg-id CAMsGm5fgsee-r-huH3OXdNCq4T_RqnsPFMFSG4PVkfqb5jPCfQ@mail.gmail.com
In response to Re: PATCH: warn about, and deprecate, clear text passwords  (Greg Sabino Mullane <htamfids@gmail.com>)
List pgsql-hackers
On Mon, 3 Mar 2025 at 12:07, Greg Sabino Mullane <htamfids@gmail.com> wrote:

> On Mon, Mar 3, 2025 at 11:33 AM Nathan Bossart <nathandbossart@gmail.com> wrote:
>
>> I think it would be good to hear some other opinions on whether we should consider sending clear-text passwords to the server as either 1) fully supported, 2) deprecated but with no intent to remove anytime soon, or 3) deprecated with the intent of removal at some point in the next several years. I personally am -1 on the warning unless we have a consensus on (3), but I'm +1 on adding a way to enforce "pre-encryption" regardless.
>
> That's more than fair. And "deprecation" doesn't need to mean that's the next step in the process. So warn -> deny by default (but allow if you work at it) -> remove completely. Which is very similar to our md5 path, I suppose. I'm certainly happy staying at that middle stage for an indefinite amount of time for both of those, as it means that Postgres is both "secure by default" but backwards compatible.

It's too bad we didn't have this discussion a few years ago. We could have decided that SCRAM authentication doesn't allow sending cleartext passwords and then relied on the phase-out of MD5 passwords to phase out sending of cleartext passwords. 
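The "pre-encryption" the thread wants to enforce means the client derives the SCRAM-SHA-256 verifier itself and sends only that in ALTER ROLE ... PASSWORD, so the cleartext never crosses the wire. The following is an added example written for this page, not code from the thread, from PostgreSQL or from libpq; it reproduces the verifier format PostgreSQL stores in pg_authid (RFC 5802/7677 key derivation, encoded as SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>) and a helper that refuses to emit a cleartext password in the statement. Assumptions: ASCII passwords (SASLprep normalisation is skipped), PostgreSQL's default 4096 iterations, 16-byte salts, and standard_conforming_strings=on for the literal quoting; the function and constant names are the example's own.

```python
"""Client-side ("pre-encrypted") PostgreSQL password verifiers.

Added example, not code from pgsql-hackers, PostgreSQL or libpq. Assumes ASCII
passwords (no SASLprep), 4096 iterations and 16-byte salts.
"""
import base64
import hashlib
import hmac
import os
import re
from typing import Optional, Tuple

SCRAM_ITERATIONS = 4096   # PostgreSQL's default iteration count
SALT_LEN = 16             # salt length assumed for new verifiers

_B64 = r"[A-Za-z0-9+/]+={0,2}"
VERIFIER_RE = re.compile(rf"^SCRAM-SHA-256\$(\d+):({_B64})\$({_B64}):({_B64})$")
MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")   # legacy form: "md5" + hex(md5(password || username))


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def scram_keys(password: str, salt: bytes, iterations: int) -> Tuple[bytes, bytes]:
    """RFC 5802/7677 key derivation: returns (StoredKey, ServerKey)."""
    # Hi() is PBKDF2-HMAC-SHA-256 with dkLen = 32; real clients SASLprep the password first.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return stored_key, server_key


def scram_sha256_verifier(password: str, salt: Optional[bytes] = None,
                          iterations: int = SCRAM_ITERATIONS) -> str:
    """Build the string PostgreSQL stores for a SCRAM-SHA-256 role password."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    stored_key, server_key = scram_keys(password, salt, iterations)
    return f"SCRAM-SHA-256${iterations}:{_b64(salt)}${_b64(stored_key)}:{_b64(server_key)}"


def is_pre_encrypted(value: str) -> bool:
    """True if the value is already a verifier, i.e. safe to put in ALTER ROLE ... PASSWORD."""
    return bool(VERIFIER_RE.match(value) or MD5_RE.match(value))


def verifier_matches(verifier: str, password: str) -> bool:
    """Offline consistency check: does this verifier belong to this password?

    Mirrors the server's last step in a SCRAM exchange, which compares H(ClientKey)
    with the stored StoredKey; here ClientKey is recomputed directly from the password.
    """
    m = VERIFIER_RE.match(verifier)
    if not m:
        return False
    iterations, salt_b64, stored_b64, _server_b64 = m.groups()
    stored_key, _ = scram_keys(password, base64.b64decode(salt_b64), int(iterations))
    return hmac.compare_digest(stored_key, base64.b64decode(stored_b64))


def alter_role_sql(role: str, password: str) -> str:
    """ALTER ROLE statement that never carries the cleartext password.

    Cleartext input is converted to a verifier first; an already pre-encrypted value
    (SCRAM or legacy md5) is passed through unchanged.
    """
    if not is_pre_encrypted(password):
        password = scram_sha256_verifier(password)
    role_q = '"' + role.replace('"', '""') + '"'     # quoted identifier
    pw_q = "'" + password.replace("'", "''") + "'"   # standard string literal
    return f"ALTER ROLE {role_q} PASSWORD {pw_q};"


if __name__ == "__main__":
    stmt = alter_role_sql("alice", "correct horse battery staple")
    print(stmt)                       # only the verifier appears in the statement
    assert "correct horse" not in stmt
```

In practice this is what libpq's PQencryptPasswordConn() and psql's \password already do; the point of the thread is that nothing stops a client from sending the cleartext form instead. One caveat worth keeping in mind: a cleartext ALTER ROLE ... PASSWORD is also recorded verbatim wherever statement text is captured (log_statement, statement-level auditing), so pre-encrypting protects the password at rest in logs as well as on the wire.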
