Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nw85a-0007Jb-Fi for pgsql-docs@arkaria.postgresql.org; Tue, 31 May 2022 20:03:38 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nw85Z-0006RJ-Bk for pgsql-docs@arkaria.postgresql.org; Tue, 31 May 2022 20:03:37 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nw85Z-0006R8-1k for pgsql-docs@lists.postgresql.org; Tue, 31 May 2022 20:03:37 +0000 Received: from mail-lf1-x131.google.com ([2a00:1450:4864:20::131]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1nw85V-0002Pt-0A for pgsql-docs@lists.postgresql.org; Tue, 31 May 2022 20:03:36 +0000 Received: by mail-lf1-x131.google.com with SMTP id a15so3957874lfb.9 for ; Tue, 31 May 2022 13:03:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hagander-net.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Wd6I/5KrIajtJrgPvS9H/P62D2W00j/1bi4aGlPl9LE=; b=v4ZhNeInQBdP9F5dRVlj1ZblJybwspDgvo/PEekWODwttsIPWxj4Xyh0H0771pncWo idRMewphd6Wi41U8GmZLaUNoTkUbOkT5DGsRaj9FThPRdjJCnC5DWfsTZHFUacy6yqiZ ZrhypZbifEvv7N220ycZHnR62+uozBQKoEozQfe+lJaOtQdKJdcZ+TOcwl+m3p4ZEthw lPV78rDhI9Sw5DJ6q00O/wX39e07OGuJ2ZRuAluQf1N7BLSo3dMae8A6REP6y4aPUQC5 TFlC+m4tanQVjfi6oQCwDr+isniEwy0+EtNHQq+uDA8L2+ezq+cFQUhYp7uKI+S9Swpt MP9A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Wd6I/5KrIajtJrgPvS9H/P62D2W00j/1bi4aGlPl9LE=; b=UwwARvelaNGpv1+I8GCUMcd21ZqBZEVj1ByI992AzTNp3vunwPtyITae8PxrHyyh8l mTExe0dJfgwoREtIp6JLwelSb/aPjiuCQNd88BZiLuYrVFZDjfT34sslpfUd+VR5EdA1 I/USXRgIRviLHyH6/Qw/BBDlsjznkn0bke/reFIl5xKNhv4iXmtvh8lBRhQqImpL8fp1 fXJduzlMKoF1tSk0SPCbyAZuWaHPmPTMExCttmOkPE5xQP5P3mBskj3I3oQZ7G2NPdoY 13N6BEkP3dOIo4jxoRKDJSLWHCKC8SOZwzfD4Uqbw9FUZsESLb5FVprDy0sWIKd2s/vv LvYg== X-Gm-Message-State: AOAM532YZwfF14+oUF4sFEXQwxsfzQYm30GxdGvatAizX8rbeV49PGwZ EtcCZMg/5UEpBdYFLifiP1NFT3MKNuWVyV/xZZ42lQ== X-Google-Smtp-Source: ABdhPJx2759ao6gP2fVWGheGgg5+Mc30a1ZG3yBSghTV7ytuLoLVcmbSWmed1o90ZLkbwrs7LPrG0bFo9ZOltAhAqYc= X-Received: by 2002:a05:6512:2211:b0:478:d24a:bad7 with SMTP id h17-20020a056512221100b00478d24abad7mr12249341lfu.331.1654027411551; Tue, 31 May 2022 13:03:31 -0700 (PDT) MIME-Version: 1.0 References: <2e8b6f77-5ac1-09f4-40b3-d2086aa48ef7@postgresql.org> In-Reply-To: <2e8b6f77-5ac1-09f4-40b3-d2086aa48ef7@postgresql.org> From: Magnus Hagander Date: Tue, 31 May 2022 22:03:16 +0200 Message-ID: Subject: Re: Should we really recommend "-A md5 or -A password"? To: "Jonathan S. Katz" Cc: "Daniel Westermann (DWE)" , "pgsql-docs@lists.postgresql.org" Content-Type: multipart/alternative; boundary="00000000000050923005e05444a6" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --00000000000050923005e05444a6 Content-Type: text/plain; charset="UTF-8" On Tue, May 31, 2022 at 3:57 PM Jonathan S. Katz wrote: > On 5/31/22 8:35 AM, Magnus Hagander wrote: > > > > > > On Tue, May 31, 2022 at 2:29 PM Daniel Westermann (DWE) > > > > wrote: > > > > Hi, > > > > I just came across this: > > "Also, specify -A md5 or -A password so that the default trust > > authentication mode is not used;" > > https://www.postgresql.org/docs/current/creating-cluster.html > > > > > > Shouldn't we change that to "-A scram-sha-256" ? > > > > > > Yes I think we absolutely should! > > +1 > > Proposed patch attached. This also removes "-A password" from that > sentence as well. > Applied and backpatched to 14. Thanks! -- Magnus Hagander Me: https://www.hagander.net/ Work: https://www.redpill-linpro.com/ --00000000000050923005e05444a6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Tue, May 31, 2022 at 3:57 PM Jonathan = S. Katz <jkatz@postgresql.org> wrote:
On 5/31/22 8:35 AM, Magnus Hagander wrote:
>
>
> On Tue, May 31, 2022 at 2:29 PM Daniel Westermann (DWE)
> <daniel.westermann@dbi-services.com
> <mailto:daniel.westermann@dbi-services.com>> wrote:
>
>=C2=A0 =C2=A0 =C2=A0Hi,
>
>=C2=A0 =C2=A0 =C2=A0I just came across this:
>=C2=A0 =C2=A0 =C2=A0"Also, specify -A md5 or -A password so that t= he default trust
>=C2=A0 =C2=A0 =C2=A0authentication mode is not used;"
>=C2=A0 =C2=A0 =C2=A0https://www.pos= tgresql.org/docs/current/creating-cluster.html
>=C2=A0 =C2=A0 =C2=A0<https://www= .postgresql.org/docs/current/creating-cluster.html>
>
>=C2=A0 =C2=A0 =C2=A0Shouldn't we change that to "-A scram-sha-= 256" ?
>
>
> Yes I think we absolutely should!

+1

Proposed patch attached. This also removes "-A password" from tha= t
sentence as well.

Applied and backpatch= ed to 14. Thanks!
=C2=A0
--
=C2=A0Magnus Hagander
=C2=A0M= e: https://www.hagan= der.net/
=C2=A0Work: https://www.redpill-linpro.com/
--00000000000050923005e05444a6--