Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nPKHi-0006JK-17 for pgsql-hackers@arkaria.postgresql.org; Wed, 02 Mar 2022 08:24:34 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nPKHg-0000aL-PW for pgsql-hackers@arkaria.postgresql.org; Wed, 02 Mar 2022 08:24:32 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nPKHg-0000aC-Fi for pgsql-hackers@lists.postgresql.org; Wed, 02 Mar 2022 08:24:32 +0000 Received: from out1-smtp.messagingengine.com ([66.111.4.25]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nPKHd-000682-PJ for pgsql-hackers@lists.postgresql.org; Wed, 02 Mar 2022 08:24:31 +0000 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id E40A95C0398; Wed, 2 Mar 2022 03:24:28 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Wed, 02 Mar 2022 03:24:28 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=y4UP89iqm3SoNuJuNu7yhhBjNMrWPuKpW/aL9BnIZ ZM=; b=BEXdB/suYWMuqRIhAXgTbbZ7Y3UObtH1As+Yru0XFYa6xfd1Nqv36td4e mtg1I9oReKaiaCOuLFxxRyt5J9m9+xpHXjFE7XiMTy61ZmpV34M9+bRb2xN1dKWK 3D0sn3lDDNrpFlxCneat1Z3ywMnJ8320CFl/Ukxn2HHNuuhxu7RS9CzK2xjp7fdZ Fh9u0JGggQJtVCNQUYFBZx/w4urspA4hhVcAhRaW+alNS353OtlLLmcqfKAYto2u W2BfKLk5BlBZidxC+gHcrcdGFpEIr/EqwoI6IgI2drb4Dy6pUhLFHuwWTrAanfX3 JsQtjzyjCtdfjIvry2rh7eItTXQyw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddruddtfedgudduudcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefkffggfgfuvfhfhfgjtgfgsehtjeertddtfeejnecuhfhrohhmpefrvght vghrucfgihhsvghnthhrrghuthcuoehpvghtvghrrdgvihhsvghnthhrrghuthesvghnth gvrhhprhhishgvuggsrdgtohhmqeenucggtffrrghtthgvrhhnpeefjeegheetuefhveev udelueeftdejteeiffetvdduhfdtieefgfeutedtveeggfenucevlhhushhtvghrufhiii gvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehpvghtvghrrdgvihhsvghnthhrrghu thesvghnthgvrhhprhhishgvuggsrdgtohhm X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 2 Mar 2022 03:24:27 -0500 (EST) Message-ID: <684c9d5b-2ab4-0546-4520-8e49a49ad1fb@enterprisedb.com> Date: Wed, 2 Mar 2022 09:24:26 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.6.0 Subject: Re: Proposal: Support custom authentication methods using hooks Content-Language: en-US To: "Jonathan S. Katz" , Stephen Frost , Michael Paquier Cc: Tom Lane , Jeff Davis , samay sharma , pgsql-hackers@lists.postgresql.org References: <1737574.1645753674@sss.pgh.pa.us> <54dc198b56a87e31e9625405383f04a8c6589b8b.camel@j-davis.com> <1905579.1645810764@sss.pgh.pa.us> <2718414dc095b716e59e126c03af343997d14c7b.camel@j-davis.com> <1980351.1645816239@sss.pgh.pa.us> <9004b18218eae293f1ee888e49d13d8a6b02810d.camel@j-davis.com> <20220228204634.GM10577@tamriel.snowman.net> <2738622.1646083128@sss.pgh.pa.us> <20220228214255.GO10577@tamriel.snowman.net> <20220301133119.GR10577@tamriel.snowman.net> <5de09fc4-8feb-8a91-d74a-fc9682208337@postgresql.org> From: Peter Eisentraut In-Reply-To: <5de09fc4-8feb-8a91-d74a-fc9682208337@postgresql.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 01.03.22 22:17, Jonathan S. Katz wrote: > If you're moving to a newer version of PostgreSQL, you likely have to > update your connection drivers anyway (rebuilt against new libpq, > supporting any changes in the protocol, etc). I would prefer more data > to support that argument, but this is generally what you need to do. > > However, we may need to step towards it. We took one step last release > with defaulting to SCRAM. Perhaps this release we add a warning for > anything using md5 auth that "this will be removed in a future release." > (or specifically v16). We should also indicate in the docs that md5 is > deprecated and will be removed. I find that a lot of people are still purposely using md5. Removing it now or in a year would be quite a disruption. It's also worth considering that keeping the code equipped to handle different kinds of password hashing would help it stay in shape if we ever need to add support for the next SHA after 256 or whatever.