public inbox for [email protected]
From: Jonathan S. Katz <[email protected]>
To: Magnus Hagander <[email protected]>
To: Daniel Westermann (DWE) <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: Should we really recommend "-A md5 or -A password"?
Date: Tue, 31 May 2022 09:57:31 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <CABUevExDwD5HVMB6++8PM7QSFLgJssXu_cwcvxUBgyBHu4zk6g@mail.gmail.com>
References: <GV0P278MB0419A8BAC0B0B84AFA5263D9D2DC9@GV0P278MB0419.CHEP278.PROD.OUTLOOK.COM>
<CABUevExDwD5HVMB6++8PM7QSFLgJssXu_cwcvxUBgyBHu4zk6g@mail.gmail.com>
On 5/31/22 8:35 AM, Magnus Hagander wrote:
>
>
> On Tue, May 31, 2022 at 2:29 PM Daniel Westermann (DWE)
> <[email protected]
> <mailto:[email protected]>> wrote:
>
> Hi,
>
> I just came across this:
> "Also, specify -A md5 or -A password so that the default trust
> authentication mode is not used;"
> https://www.postgresql.org/docs/current/creating-cluster.html
> <https://www.postgresql.org/docs/current/creating-cluster.html>
>
> Shouldn't we change that to "-A scram-sha-256" ?
>
>
> Yes I think we absolutely should!
+1
Proposed patch attached. This also removes "-A password" from that
sentence as well.
Jonathan
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 62cec614d3..fac9b6b3bd 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -199,8 +199,8 @@ postgres$ <userinput>initdb -D /usr/local/pgsql/data</userinput>
<primary>password</primary>
<secondary>of the superuser</secondary>
</indexterm>
- Also, specify <option>-A md5</option> or
- <option>-A password</option> so that the default <literal>trust</literal> authentication
+ Also, specify <option>-A scram-sha-256</option>
+ so that the default <literal>trust</literal> authentication
mode is not used; or modify the generated <filename>pg_hba.conf</filename>
file after running <command>initdb</command>, but
<emphasis>before</emphasis> you start the server for the first time. (Other
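Review bot: The added line "Also, specify <option>-A scram-sha-256</option>" names the method but gives the reader no pointer to what it is or why it replaces the two options being removed. Someone following older instructions that still say "-A md5" will see the recommendation change with no explanation. Consider adding a cross-reference to the password authentication documentation right after the <option> element. Since the paragraph sits under the "password of the superuser" index term, it would also help to say explicitly that this setting goes together with assigning the superuser password in the same initdb run.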
Attachments:
[text/plain] initdb-auth-recommendation.patch (816B, 2-initdb-auth-recommendation.patch)
[application/pgp-signature] OpenPGP_signature (840B, 3-OpenPGP_signature)