Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sz1p6-003mjX-E6 for pgsql-hackers@arkaria.postgresql.org; Thu, 10 Oct 2024 22:39:56 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1sz1p4-008ufn-Ej for pgsql-hackers@arkaria.postgresql.org; Thu, 10 Oct 2024 22:39:54 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sz1p4-008uff-4c for pgsql-hackers@lists.postgresql.org; Thu, 10 Oct 2024 22:39:54 +0000 Received: from sss.pgh.pa.us ([68.162.161.243]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1sz1p1-000PmF-9u for pgsql-hackers@postgresql.org; Thu, 10 Oct 2024 22:39:53 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 49AMdZEe2736149; Thu, 10 Oct 2024 18:39:35 -0400 From: Tom Lane To: Jesper Pedersen cc: Heikki Linnakangas , Bruce Momjian , Jelte Fennema-Nio , Nathan Bossart , pgsql-hackers@postgresql.org Subject: Re: sunsetting md5 password support In-reply-to: <615f519f-b36f-4e8c-8e4c-df9789575001@comcast.net> References: <615f519f-b36f-4e8c-8e4c-df9789575001@comcast.net> Comments: In-reply-to Jesper Pedersen message dated "Thu, 10 Oct 2024 18:00:20 -0400" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <2736147.1728599975.1@sss.pgh.pa.us> Date: Thu, 10 Oct 2024 18:39:35 -0400 Message-ID: <2736148.1728599975@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Jesper Pedersen writes: > On 10/10/24 5:45 PM, Heikki Linnakangas wrote: >> Note that some authentication methods like LDAP and Radius use >> "password" authentication on the wire. > Please, deprecate - aka remove - old methods. > All client libraries have caught up, and if they havn't then it their > issue not Core. It's not the libraries that are the problem. It's the users that want to use these auth methods --- perhaps even are required to by dubiously-well-thought-out corporate policies. regards, tom lane