public inbox for [email protected]
help / color / mirror / Atom feedShould we really recommend "-A md5 or -A password"?
5+ messages / 3 participants
[nested] [flat]
* Should we really recommend "-A md5 or -A password"?
@ 2022-05-31 12:29 Daniel Westermann (DWE) <[email protected]>
2022-05-31 12:35 ` Re: Should we really recommend "-A md5 or -A password"? Magnus Hagander <[email protected]>
0 siblings, 1 reply; 5+ messages in thread
From: Daniel Westermann (DWE) @ 2022-05-31 12:29 UTC (permalink / raw)
To: [email protected] <[email protected]>
Hi,
I just came across this:
"Also, specify -A md5 or -A password so that the default trust authentication mode is not used;"
https://www.postgresql.org/docs/current/creating-cluster.html
Shouldn't we change that to "-A scram-sha-256" ?
Regards
Daniel
^ permalink raw reply [nested|flat] 5+ messages in thread
* Re: Should we really recommend "-A md5 or -A password"?
2022-05-31 12:29 Should we really recommend "-A md5 or -A password"? Daniel Westermann (DWE) <[email protected]>
@ 2022-05-31 12:35 ` Magnus Hagander <[email protected]>
2022-05-31 13:57 ` Re: Should we really recommend "-A md5 or -A password"? Jonathan S. Katz <[email protected]>
0 siblings, 1 reply; 5+ messages in thread
From: Magnus Hagander @ 2022-05-31 12:35 UTC (permalink / raw)
To: Daniel Westermann (DWE) <[email protected]>; +Cc: [email protected] <[email protected]>
On Tue, May 31, 2022 at 2:29 PM Daniel Westermann (DWE) <
[email protected]> wrote:
> Hi,
>
> I just came across this:
> "Also, specify -A md5 or -A password so that the default trust
> authentication mode is not used;"
> https://www.postgresql.org/docs/current/creating-cluster.html
>
> Shouldn't we change that to "-A scram-sha-256" ?
>
Yes I think we absolutely should!
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/;
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/;
^ permalink raw reply [nested|flat] 5+ messages in thread
* Re: Should we really recommend "-A md5 or -A password"?
2022-05-31 12:29 Should we really recommend "-A md5 or -A password"? Daniel Westermann (DWE) <[email protected]>
2022-05-31 12:35 ` Re: Should we really recommend "-A md5 or -A password"? Magnus Hagander <[email protected]>
@ 2022-05-31 13:57 ` Jonathan S. Katz <[email protected]>
2022-05-31 20:03 ` Re: Should we really recommend "-A md5 or -A password"? Magnus Hagander <[email protected]>
0 siblings, 1 reply; 5+ messages in thread
From: Jonathan S. Katz @ 2022-05-31 13:57 UTC (permalink / raw)
To: Magnus Hagander <[email protected]>; Daniel Westermann (DWE) <[email protected]>; +Cc: [email protected] <[email protected]>
On 5/31/22 8:35 AM, Magnus Hagander wrote:
>
>
> On Tue, May 31, 2022 at 2:29 PM Daniel Westermann (DWE)
> <[email protected]
> <mailto:[email protected]>> wrote:
>
> Hi,
>
> I just came across this:
> "Also, specify -A md5 or -A password so that the default trust
> authentication mode is not used;"
> https://www.postgresql.org/docs/current/creating-cluster.html
> <https://www.postgresql.org/docs/current/creating-cluster.html;
>
> Shouldn't we change that to "-A scram-sha-256" ?
>
>
> Yes I think we absolutely should!
+1
Proposed patch attached. This also removes "-A password" from that
sentence as well.
Jonathan
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 62cec614d3..fac9b6b3bd 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -199,8 +199,8 @@ postgres$ <userinput>initdb -D /usr/local/pgsql/data</userinput>
<primary>password</primary>
<secondary>of the superuser</secondary>
</indexterm>
- Also, specify <option>-A md5</option> or
- <option>-A password</option> so that the default <literal>trust</literal> authentication
+ Also, specify <option>-A scram-sha-256</option>
+ so that the default <literal>trust</literal> authentication
mode is not used; or modify the generated <filename>pg_hba.conf</filename>
file after running <command>initdb</command>, but
<emphasis>before</emphasis> you start the server for the first time. (Other
Attachments:
[text/plain] initdb-auth-recommendation.patch (816B, 2-initdb-auth-recommendation.patch)
download | inline diff:
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
index 62cec614d3..fac9b6b3bd 100644
--- a/doc/src/sgml/runtime.sgml
+++ b/doc/src/sgml/runtime.sgml
@@ -199,8 +199,8 @@ postgres$ <userinput>initdb -D /usr/local/pgsql/data</userinput>
<primary>password</primary>
<secondary>of the superuser</secondary>
</indexterm>
- Also, specify <option>-A md5</option> or
- <option>-A password</option> so that the default <literal>trust</literal> authentication
+ Also, specify <option>-A scram-sha-256</option>
+ so that the default <literal>trust</literal> authentication
mode is not used; or modify the generated <filename>pg_hba.conf</filename>
file after running <command>initdb</command>, but
<emphasis>before</emphasis> you start the server for the first time. (Other
[application/pgp-signature] OpenPGP_signature (840B, 3-OpenPGP_signature)
download
^ permalink raw reply [nested|flat] 5+ messages in thread
* Re: Should we really recommend "-A md5 or -A password"?
2022-05-31 12:29 Should we really recommend "-A md5 or -A password"? Daniel Westermann (DWE) <[email protected]>
2022-05-31 12:35 ` Re: Should we really recommend "-A md5 or -A password"? Magnus Hagander <[email protected]>
2022-05-31 13:57 ` Re: Should we really recommend "-A md5 or -A password"? Jonathan S. Katz <[email protected]>
@ 2022-05-31 20:03 ` Magnus Hagander <[email protected]>
0 siblings, 0 replies; 5+ messages in thread
From: Magnus Hagander @ 2022-05-31 20:03 UTC (permalink / raw)
To: Jonathan S. Katz <[email protected]>; +Cc: Daniel Westermann (DWE) <[email protected]>; [email protected] <[email protected]>
On Tue, May 31, 2022 at 3:57 PM Jonathan S. Katz <[email protected]>
wrote:
> On 5/31/22 8:35 AM, Magnus Hagander wrote:
> >
> >
> > On Tue, May 31, 2022 at 2:29 PM Daniel Westermann (DWE)
> > <[email protected]
> > <mailto:[email protected]>> wrote:
> >
> > Hi,
> >
> > I just came across this:
> > "Also, specify -A md5 or -A password so that the default trust
> > authentication mode is not used;"
> > https://www.postgresql.org/docs/current/creating-cluster.html
> > <https://www.postgresql.org/docs/current/creating-cluster.html;
> >
> > Shouldn't we change that to "-A scram-sha-256" ?
> >
> >
> > Yes I think we absolutely should!
>
> +1
>
> Proposed patch attached. This also removes "-A password" from that
> sentence as well.
>
Applied and backpatched to 14. Thanks!
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/;
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/;
^ permalink raw reply [nested|flat] 5+ messages in thread
* Re: Should we really recommend "-A md5 or -A password"?
@ 2022-05-31 13:59 Daniel Westermann (DWE) <[email protected]>
0 siblings, 0 replies; 5+ messages in thread
From: Daniel Westermann (DWE) @ 2022-05-31 13:59 UTC (permalink / raw)
To: Jonathan S. Katz <[email protected]>; Magnus Hagander <[email protected]>; +Cc: [email protected] <[email protected]>
>> Yes I think we absolutely should!
>+1
>Proposed patch attached. This also removes "-A password" from that
>sentence as well.
You've been faster than me :)
Looks good.
Regards
Daniel
^ permalink raw reply [nested|flat] 5+ messages in thread
end of thread, other threads:[~2022-05-31 20:03 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2022-05-31 12:29 Should we really recommend "-A md5 or -A password"? Daniel Westermann (DWE) <[email protected]>
2022-05-31 12:35 ` Magnus Hagander <[email protected]>
2022-05-31 13:57 ` Jonathan S. Katz <[email protected]>
2022-05-31 20:03 ` Magnus Hagander <[email protected]>
2022-05-31 13:59 Re: Should we really recommend "-A md5 or -A password"? Daniel Westermann (DWE) <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox