Re: BUG #16079: Question Regarding the BUG #16064

Jeff Janes <jeff.janes@gmail.com> writes:
> On Sun, Dec 20, 2020 at 7:58 PM Stephen Frost <sfrost@snowman.net> wrote:
>> * Magnus Hagander (magnus@hagander.net) wrote:
>>> Maybe we should do the same for LDAP (and RADIUS)? This seems like a
>>> better place to put it than to log it at every time it's received?

>> A dollar short and a year late, but ... +1.

> I would suggest going further.  I would make the change on the client side,
> and have libpq refuse to send unhashed passwords without having an
> environment variable set which allows it.

As noted, that would break LDAP and RADIUS auth methods; likely also PAM.

> What is the value of logging on the server side?

I do agree with this point, but mostly on the grounds of "nobody reads
the server log".

            regards, tom lane