Re: Can we stop defaulting to 'ident'?

On 2020-05-20 15:40, Christoph Berg wrote:
> Re: Peter Eisentraut
>> The upstream default is still to use md5 passwords by default, and some
>> deliberation has gone into that to keep it that way.  So it would make sense
>> to have the RPMs also do that.  The Debian packages also still use md5.
>> Some consistency across the board would be good.  Otherwise it will be very
>> confusing for users if everyone just goes into their own direction.
> 
> The upstream initdb default is still 'trust', but everyone agrees that
> it's good that distributions are changing that so something more
> secure, so we are already disconnected from the "true" default here.

Sorry, I should have been more clear.  The upstream default of the GUC 
parameter "password_encryption" is md5.

It is understood that the default client authentication method can be 
changed downstream.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services