Re: Can we stop defaulting to 'ident'?

On 2020-05-20 16:57, Stephen Frost wrote:
> Greetings,
> 
> * Peter Eisentraut (peter.eisentraut@2ndquadrant.com) wrote:
>> Sorry, I should have been more clear.  The upstream default of the GUC
>> parameter "password_encryption" is md5.
> 
> Which, really, is pretty broken when we're going to be having our
> packagers setting up pg_hba.conf to use scram- at the *very* least it's
> ridiculously misleading because we're going to have SCRAM in pg_hba.conf
> but passwords actually stored as md5 and therefore we won't be getting
> the benefits from SCRAM auth (though it should still work, of course,
> since the SCRAM mode will fall back to working with an md5 password).

Devrim's commit to pgrpms did include a change to the default setting of 
password_encryption, so it appears to be correct as far as it goes.

But this leads to other questions, like, what should pg_upgrade do?

These discussions should be had, but perhaps not on the RPM packaging 
list the night before the release.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services