public inbox for [email protected]  
Should we really recommend "-A md5 or -A password"?
5+ messages / 3 participants

* Should we really recommend "-A md5 or -A password"?
@ 2022-05-31 12:29  Daniel Westermann (DWE) <[email protected]>
  0 siblings, 1 reply; 5+ messages in thread

From: Daniel Westermann (DWE) @ 2022-05-31 12:29 UTC (permalink / raw)
  To: [email protected] <[email protected]>

Hi,

I just came across this:
"Also, specify -A md5 or -A password so that the default trust authentication mode is not used;"
https://www.postgresql.org/docs/current/creating-cluster.html

Shouldn't we change that to "-A scram-sha-256" ?

Regards
Daniel





* Re: Should we really recommend "-A md5 or -A password"?
@ 2022-05-31 12:35  Magnus Hagander <[email protected]>
  parent: Daniel Westermann (DWE) <[email protected]>
  0 siblings, 1 reply; 5+ messages in thread

From: Magnus Hagander @ 2022-05-31 12:35 UTC (permalink / raw)
  To: Daniel Westermann (DWE) <[email protected]>; +Cc: [email protected] <[email protected]>

On Tue, May 31, 2022 at 2:29 PM Daniel Westermann (DWE) <
[email protected]> wrote:

> Hi,
>
> I just came across this:
> "Also, specify -A md5 or -A password so that the default trust
> authentication mode is not used;"
> https://www.postgresql.org/docs/current/creating-cluster.html
>
> Shouldn't we change that to "-A scram-sha-256" ?
>

Yes I think we absolutely should!

-- 
 Magnus Hagander
 Me: https://www.hagander.net/ <http://www.hagander.net/>
 Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>



* Re: Should we really recommend "-A md5 or -A password"?
@ 2022-05-31 13:57  Jonathan S. Katz <[email protected]>
  parent: Magnus Hagander <[email protected]>
  0 siblings, 1 reply; 5+ messages in thread

From: Jonathan S. Katz @ 2022-05-31 13:57 UTC (permalink / raw)
  To: Magnus Hagander <[email protected]>; Daniel Westermann (DWE) <[email protected]>; +Cc: [email protected] <[email protected]>

On 5/31/22 8:35 AM, Magnus Hagander wrote:
> 
> 
> On Tue, May 31, 2022 at 2:29 PM Daniel Westermann (DWE) 
> <[email protected] 
> <mailto:[email protected]>> wrote:
> 
>     Hi,
> 
>     I just came across this:
>     "Also, specify -A md5 or -A password so that the default trust
>     authentication mode is not used;"
>     https://www.postgresql.org/docs/current/creating-cluster.html
>     <https://www.postgresql.org/docs/current/creating-cluster.html>
> 
>     Shouldn't we change that to "-A scram-sha-256" ?
> 
> 
> Yes I think we absolutely should!

+1

Proposed patch attached. This also removes "-A password" from that 
sentence as well.

Jonathan

diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 62cec614d3..fac9b6b3bd 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -199,8 +199,8 @@ postgres$ <userinput>initdb -D /usr/local/pgsql/data</userinput>
      <primary>password</primary>
      <secondary>of the superuser</secondary>
    </indexterm>
-   Also, specify <option>-A md5</option> or
-   <option>-A password</option> so that the default <literal>trust</literal> authentication
+   Also, specify <option>-A scram-sha-256</option>
+   so that the default <literal>trust</literal> authentication
    mode is not used; or modify the generated <filename>pg_hba.conf</filename>
    file after running <command>initdb</command>, but
    <emphasis>before</emphasis> you start the server for the first time. (Other
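
Review bot: the rewritten sentence at the first `+` line now names only `-A scram-sha-256`, but the patch touches just doc/src/sgml/runtime.sgml, so it is worth checking whether other pages under doc/src/sgml still suggest `-A md5` or `-A password`, to keep the recommendation consistent across the docs. As a style point, the two `+` lines could be refilled, since the first now ends well short of the width the surrounding context lines use.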


Attachments:

  [text/plain] initdb-auth-recommendation.patch (816B, 2-initdb-auth-recommendation.patch)


* Re: Should we really recommend "-A md5 or -A password"?
@ 2022-05-31 13:59  Daniel Westermann (DWE) <[email protected]>
  0 siblings, 0 replies; 5+ messages in thread

From: Daniel Westermann (DWE) @ 2022-05-31 13:59 UTC (permalink / raw)
  To: Jonathan S. Katz <[email protected]>; Magnus Hagander <[email protected]>; +Cc: [email protected] <[email protected]>

>> Yes I think we absolutely should!

>+1
>Proposed patch attached. This also removes "-A password" from that 
>sentence as well.

You've been faster than me :) 
Looks good.

Regards
Daniel






* Re: Should we really recommend "-A md5 or -A password"?
@ 2022-05-31 20:03  Magnus Hagander <[email protected]>
  parent: Jonathan S. Katz <[email protected]>
  0 siblings, 0 replies; 5+ messages in thread

From: Magnus Hagander @ 2022-05-31 20:03 UTC (permalink / raw)
  To: Jonathan S. Katz <[email protected]>; +Cc: Daniel Westermann (DWE) <[email protected]>; [email protected] <[email protected]>

On Tue, May 31, 2022 at 3:57 PM Jonathan S. Katz <[email protected]>
wrote:

> On 5/31/22 8:35 AM, Magnus Hagander wrote:
> >
> >
> > On Tue, May 31, 2022 at 2:29 PM Daniel Westermann (DWE)
> > <[email protected]
> > <mailto:[email protected]>> wrote:
> >
> >     Hi,
> >
> >     I just came across this:
> >     "Also, specify -A md5 or -A password so that the default trust
> >     authentication mode is not used;"
> >     https://www.postgresql.org/docs/current/creating-cluster.html
> >     <https://www.postgresql.org/docs/current/creating-cluster.html>
> >
> >     Shouldn't we change that to "-A scram-sha-256" ?
> >
> >
> > Yes I think we absolutely should!
>
> +1
>
> Proposed patch attached. This also removes "-A password" from that
> sentence as well.
>

Applied and backpatched to 14. Thanks!

-- 
 Magnus Hagander
 Me: https://www.hagander.net/ <http://www.hagander.net/>
 Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
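
The thread's concern, turned into a check an administrator can run against the `pg_hba.conf` that `initdb` generated: the example below is added here (it is not part of the original thread or of PostgreSQL) and flags rules that still use `trust`, `password` or `md5`. The function name `audit_pg_hba` and the sample file contents are constructed for illustration.

```python
import shlex

# Connection types that start a rule line in pg_hba.conf.
CONN_TYPES = {"local", "host", "hostssl", "hostnossl",
              "hostgssenc", "hostnogssenc"}
# Values that can appear in the METHOD column.
KNOWN_METHODS = {"trust", "reject", "scram-sha-256", "md5", "password",
                 "gss", "sspi", "ident", "peer", "ldap", "radius",
                 "cert", "pam", "bsd"}
# Methods the thread steers people away from, and why.
DISCOURAGED = {
    "trust": "no authentication (initdb default when -A is omitted)",
    "password": "password is sent in cleartext",
    "md5": "legacy MD5 scheme; thread recommends scram-sha-256",
}

def audit_pg_hba(text):
    """Return (line_number, method, reason) for each discouraged rule."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            # Handles '#' comments and double-quoted fields.
            fields = shlex.split(raw, comments=True)
        except ValueError:
            continue  # unbalanced quote: not a rule we can judge
        if not fields or fields[0] not in CONN_TYPES:
            continue
        # local: TYPE DB USER METHOD; host*: TYPE DB USER ADDRESS METHOD,
        # or TYPE DB USER IP-ADDRESS IP-MASK METHOD.
        start = 3 if fields[0] == "local" else 4
        method = next((f for f in fields[start:start + 2]
                       if f in KNOWN_METHODS), None)
        if method in DISCOURAGED:
            findings.append((lineno, method, DISCOURAGED[method]))
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = "\n".join([
    "# TYPE  DATABASE  USER  ADDRESS        METHOD",
    "local   all       all                  trust",
    "host    all       all   127.0.0.1/32   md5",
    "host    all       all   10.0.0.0  255.0.0.0  password",
    "host    all       all   ::1/128        scram-sha-256",
    "hostssl all       all   192.0.2.0/24   scram-sha-256",
])

if __name__ == "__main__":
    for lineno, method, reason in audit_pg_hba(SAMPLE):
        print(f"line {lineno}: {method}: {reason}")
```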

