Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nPQwK-0007VN-9j for pgsql-hackers@arkaria.postgresql.org; Wed, 02 Mar 2022 15:30:56 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nPQwJ-0002Kb-5x for pgsql-hackers@arkaria.postgresql.org; Wed, 02 Mar 2022 15:30:55 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nPQwI-0002KS-SF for pgsql-hackers@lists.postgresql.org; Wed, 02 Mar 2022 15:30:54 +0000 Received: from tamriel.snowman.net ([2001:470:e38f::11]) by makus.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nPQwG-00019D-JO for pgsql-hackers@lists.postgresql.org; Wed, 02 Mar 2022 15:30:53 +0000 Received: by tamriel.snowman.net (Postfix, from userid 1000) id 267E45F7A2; Wed, 2 Mar 2022 10:30:52 -0500 (EST) Date: Wed, 2 Mar 2022 10:30:52 -0500 From: Stephen Frost To: Peter Eisentraut Cc: "Jonathan S. Katz" , Michael Paquier , Tom Lane , Jeff Davis , samay sharma , pgsql-hackers@lists.postgresql.org Subject: Re: Proposal: Support custom authentication methods using hooks Message-ID: <20220302153051.GD10577@tamriel.snowman.net> References: <9004b18218eae293f1ee888e49d13d8a6b02810d.camel@j-davis.com> <20220228204634.GM10577@tamriel.snowman.net> <2738622.1646083128@sss.pgh.pa.us> <20220228214255.GO10577@tamriel.snowman.net> <20220301133119.GR10577@tamriel.snowman.net> <5de09fc4-8feb-8a91-d74a-fc9682208337@postgresql.org> <684c9d5b-2ab4-0546-4520-8e49a49ad1fb@enterprisedb.com> <115918cb-6009-3fac-712d-8d1eee3bb1a6@postgresql.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="01b0+GAtiOmVD9T6" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --01b0+GAtiOmVD9T6 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Greetings, * Peter Eisentraut (peter.eisentraut@enterprisedb.com) wrote: > On 02.03.22 15:16, Jonathan S. Katz wrote: > >>I find that a lot of people are still purposely using md5.=A0 Removing = it > >>now or in a year would be quite a disruption. > > > >What are the reasons they are still purposely using it? The ones I have > >seen/heard are: > > > >- Using an older driver > >- On a pre-v10 PG > >- Unaware of SCRAM >=20 > I'm not really sure, but it seems like they are content with what they ha= ve > and don't want to bother with the new fancy stuff. There were lots and lots of folks who were comfortable with recovery.conf, yet we removed that without any qualms from one major version to the next. md5 will have had 5 years of overlap with scram. > >What I'm proposing above is to start the process of deprecating it as an > >auth method, which also allows to continue the education efforts to > >upgrae. Does that make sense? >=20 > I'm not in favor of starting a process that will result in removal of the > md5 method at this time. I am. Thanks, Stephen --01b0+GAtiOmVD9T6 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJiH42rAAoJEO1sijiDR2RVOnYQAKjkIpmV1FJyKKFOB4/UovkZ /0oFoEujRrO+JAqP3r/YApBBWsHQ3rh9K/zFqNePLWhfCD1w06hi4hv/iLq3NNmS 1V7lJwolKGtxGulajn16JL90kV+zif1YUQMSevKmMmhzhguz/3xl1bRiU/5w3oWf HI/AtTzAZAcdT0/k8TVPZsJeFt3jf+1LKbm9a9ogTj8nwXOG98os8LtUbvuTGa7H 6s/KG3phW4dV7uyX+k1u4vSytyL2YYFKV9k728fAMZl9RCIjM2RagtOnglnky6uw KHHL54OFoEcvL1ea0moY2RsxhksiLZo/7bw5ptXvtb3y6uI2FAdNmuAljaYd2cTJ guN/NCAIyKacaZ8s9vtkTUjP0mupUdenS9kPOvtULi0WsmB5UByk/hhINkWlcKig gKjNQkjxq54dl733rJ2iiz10C538aC2ljBh1Pq54Sph2XCRojCEuptretsA4GfNF w61C92+rmYdy6dSds+JTH/yKya/DpiwYdjOlA9DYo3LO/Z6TlR2o5dCUGEPy+Mrm j3cjZyVikJ+28VBaQni8n2yTogjxIGpjzfzKy+aRrfmG4OIMfE21KzTqPyno5kt/ f9VMqQkprMevx8/SY8hCEPIbSs31eAeqoWqP3ZEnv2QN/KNBM+qOkgusGiwH56zU sYYYJiYYmXz+iGQ53wFa =DFLt -----END PGP SIGNATURE----- --01b0+GAtiOmVD9T6--