Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nPo49-00051P-Q5 for pgsql-hackers@arkaria.postgresql.org; Thu, 03 Mar 2022 16:12:33 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nPo48-0004LK-5b for pgsql-hackers@arkaria.postgresql.org; Thu, 03 Mar 2022 16:12:32 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nPo47-0004LB-QS for pgsql-hackers@lists.postgresql.org; Thu, 03 Mar 2022 16:12:31 +0000 Received: from mail-il1-x12e.google.com ([2607:f8b0:4864:20::12e]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1nPo45-0004kI-A4 for pgsql-hackers@lists.postgresql.org; Thu, 03 Mar 2022 16:12:30 +0000 Received: by mail-il1-x12e.google.com with SMTP id h28so4408798ila.3 for ; Thu, 03 Mar 2022 08:12:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=crunchydata.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=iLQvZ1CTTAsNJjAsdD/IvUaFJAuz7GPV/KXU1Dmmt0U=; b=lJbQAcZNOLGUMJKDI6werJC7hVtjJGlUVtDWt0FA1k/5omt1q2Zjetfu5i766bYuGz zN3dRKxFsHpEQp5K/isHZvS23ApsHnc9n6TXGINt1mOivrbknntLsF+CmO+WNWa+0ST+ c4goYgGr58cvNIZaNRizniGpZQ9vK1VVuIDCguEqYx8tVK00+AlSw5WwKXouzTr9YTRW HwmCwv6Uzp566tVTcAllO+MS0a+tCdZhi7Aiqjaw5mXtDVyRiyHtqK61m4HiPCbxvne9 pp9/91Kf6r5Sau6kDetKB9DiJi7JvJ98/BbLVdhlGQfr3NOnS4orc9vApXEf1CDzigMY qsrA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=iLQvZ1CTTAsNJjAsdD/IvUaFJAuz7GPV/KXU1Dmmt0U=; b=kqh7k558BwYkIHDpKroroD/Zf0HzVwPfWA2rGpjxzA2ji/uCtT61/cS3shPzKfMnjb fQpyXrlb5y01hdIQlS/2YMzRSwzdzJgwN04orLX+o1X/8t9f4qKEotMO45gjm95dlR8K p2vEp+iQlli6K/K/fLsdY+u3gbf9Bfngi/HLG9bkGY3YhHIAcl6W0LKAlfHOTjqnrzDi aakS4UwxZMh6TG9Z3I2iJmollo8Xp3EcOSpJYDrbml7HYho60qmnx1+ba/YqNORzVzD+ +9nBw5M+NjM35sGpxO1OdXTBVu/UYvS6u8x7CWCh4pNhwnocGHVUl4FNntOfzf7QZrKc +14w== X-Gm-Message-State: AOAM5320ScgMPYIlhnuQ0LOvhAd9Es6i2P6opoJ9H2/LDpq2SwNnU8h4 QdR2CNxR1wDaF1FNuajiF0haYEYHEfLU/8wD3+iD8Q== X-Google-Smtp-Source: ABdhPJwV0t3vQ75qX8SkpvZgUN0GjY9GOiamy6lkR+XRlKRji/aod8f2bexpgPl0Beb+8WDKHVyaIMdUWzMa6OOVBrk= X-Received: by 2002:a05:6e02:1bc5:b0:2c2:7bc9:8e8f with SMTP id x5-20020a056e021bc500b002c27bc98e8fmr32463389ilv.5.1646323948304; Thu, 03 Mar 2022 08:12:28 -0800 (PST) MIME-Version: 1.0 References: <9004b18218eae293f1ee888e49d13d8a6b02810d.camel@j-davis.com> <20220228204634.GM10577@tamriel.snowman.net> <2738622.1646083128@sss.pgh.pa.us> <20220228214255.GO10577@tamriel.snowman.net> <20220301133119.GR10577@tamriel.snowman.net> <5de09fc4-8feb-8a91-d74a-fc9682208337@postgresql.org> <684c9d5b-2ab4-0546-4520-8e49a49ad1fb@enterprisedb.com> <115918cb-6009-3fac-712d-8d1eee3bb1a6@postgresql.org> <20220302153051.GD10577@tamriel.snowman.net> <04d1c0e9-2558-943a-0241-4269e42328a2@postgresql.org> <48f3d752-df62-7cb1-dbb1-82b781e16dc0@enterprisedb.com> In-Reply-To: <48f3d752-df62-7cb1-dbb1-82b781e16dc0@enterprisedb.com> From: Joshua Brindle Date: Thu, 3 Mar 2022 11:12:17 -0500 Message-ID: Subject: Re: Proposal: Support custom authentication methods using hooks To: Peter Eisentraut Cc: "Jonathan S. Katz" , Stephen Frost , Michael Paquier , Tom Lane , Jeff Davis , samay sharma , pgsql-hackers@lists.postgresql.org Content-Type: text/plain; charset="UTF-8" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Thu, Mar 3, 2022 at 4:45 AM Peter Eisentraut wrote: > > On 02.03.22 16:45, Jonathan S. Katz wrote: > > By that argument, we should have kept "password" (plain) as an > > authentication method. > > For comparison, the time between adding md5 and removing password was 16 > years. It has been 5 years since scram was added. It's been 7 years since this thread: https://www.postgresql.org/message-id/54DBCBCF.9000600@vmware.com As Jonathan and Stephen and others have said, anyone who wishes to continue using MD5 or other plaintext methods can keep doing that for 5 more years with a supported version of PG. There is no excuse to leave well known, flawed mechanisms in PG16.