Re: Deprecations in authentication

On 18 October 2012 12:37, Magnus Hagander <magnus@hagander.net> wrote:
> On Thu, Oct 18, 2012 at 1:32 PM, Simon Riggs <simon@2ndquadrant.com> wrote:
>> On 18 October 2012 12:20, Magnus Hagander <magnus@hagander.net> wrote:
>>
>>> 2. ident-over-unix-sockets was renamed to "peer" in 9.1, with the old
>>> syntax deprecated but still mapping to the new one. Has it been there
>>> long enough that we should start throwing an error for ident on unix?
>>
>> Any reason to remove? Having two names for same thing is a happy place
>> for users with bad/fond memories. It costs little and no errors are
>> associated with using the old name (are there?).
>
> The only real reason for that one would be confusion. e.g. using ident
> over tcp is for most people very insecure, whereas ident over unix
> sockets is very secure. there are exceptions to both those, but for
> the majority of cases we are using the same name for one thing that
> has very good security and one that has very bad. And confusion when
> it comes to security is usually not a good thing.

I'll go with that.

-- Simon Riggs                   http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services