Re: Disabling trust/ident authentication configure option

Stephen Frost <sfrost@snowman.net> writes:
> I don't agree with this either.  Providing a "bypass all authentication"
> configuration option really isn't a good thing.  Why don't packagers use
> our default pg_hba.conf?  Because it only makes sense in a development
> type of environment.  I'd argue the same is true for 'trust'.

Sure.  And the problem is that development environments are a perfectly
common and respectable use-case.  I cannot see Red Hat, for example,
shipping a Postgres that's built (not merely configured by user-changeable
config files, but hard-wired) to be unfriendly to developers.

If we could get to a point where there is another way that is superior
to "trust" even for single-user development environments, then maybe
it would be useful to try to persuade packagers to disable "trust".
But I don't even see a proposal for such a thing, let alone a track record
showing that nobody needs "trust".  And you really have got to get to the
point of being able to argue that *nobody* needs trust, not that some
use-cases don't need it, before you will impress most packagers.
        regards, tom lane