Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nPQvd-0007Q1-DH for pgsql-hackers@arkaria.postgresql.org; Wed, 02 Mar 2022 15:30:13 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nPQv6-0004xA-B4 for pgsql-hackers@arkaria.postgresql.org; Wed, 02 Mar 2022 15:29:40 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nPQv5-0004wn-CK for pgsql-hackers@lists.postgresql.org; Wed, 02 Mar 2022 15:29:40 +0000 Received: from out2-smtp.messagingengine.com ([66.111.4.26]) by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nPQv1-0003a1-9d for pgsql-hackers@lists.postgresql.org; Wed, 02 Mar 2022 15:29:38 +0000 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 994835C0224; Wed, 2 Mar 2022 10:29:33 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Wed, 02 Mar 2022 10:29:33 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=a57HiUEd/nrfCIn0lN6qfjdHCiPj0ZKIsKTfnh53N mI=; b=Tk+/r95d+fIcgHlekFMzA8qaq2VAjzQP1pD4/y7MxKCLm8qKQslxrTxr9 IGydQtBxiBJ8TlombMRtLa9uZFmxs//U1CQIOClSvKSf9C3YK8V+Nsg/MRFdgsyN DPkJAa1o5iYXxpvRoXCOOBBY/QfWBFYXIznUEfqpsPU9FTcAaO/Sbc550PfLaW8u L7+dnGFjNyTnsmSCUE99sUFYvcQ4bG2Lp+dqMSNPcThSJQ/NqnCNCpx+gCkCkRnQ 9iVUOfc98vP+0jOvp5c0ZqeruSuz17avJuW+mc7z05AshRkIyl66fxPqU5vi29QX D+RCb2N3CEALuyGHXGVK7rePjG4Tg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddruddtgedgjeduucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepkfffgggfuffvfhfhjggtgfesthekredttdefjeenucfhrhhomheprfgvthgv rhcugfhishgvnhhtrhgruhhtuceophgvthgvrhdrvghishgvnhhtrhgruhhtsegvnhhtvg hrphhrihhsvggusgdrtghomheqnecuggftrfgrthhtvghrnheplefgteefiedtleelgeeg jeevhfeuteefvddtjeehveeuieefgedvhfeuleduteeunecuvehluhhsthgvrhfuihiivg eptdenucfrrghrrghmpehmrghilhhfrhhomhepphgvthgvrhdrvghishgvnhhtrhgruhht segvnhhtvghrphhrihhsvggusgdrtghomh X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 2 Mar 2022 10:29:31 -0500 (EST) Message-ID: Date: Wed, 2 Mar 2022 16:29:29 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.6.0 Subject: Re: Proposal: Support custom authentication methods using hooks Content-Language: en-US To: "Jonathan S. Katz" , Stephen Frost , Michael Paquier Cc: Tom Lane , Jeff Davis , samay sharma , pgsql-hackers@lists.postgresql.org References: <1737574.1645753674@sss.pgh.pa.us> <54dc198b56a87e31e9625405383f04a8c6589b8b.camel@j-davis.com> <1905579.1645810764@sss.pgh.pa.us> <2718414dc095b716e59e126c03af343997d14c7b.camel@j-davis.com> <1980351.1645816239@sss.pgh.pa.us> <9004b18218eae293f1ee888e49d13d8a6b02810d.camel@j-davis.com> <20220228204634.GM10577@tamriel.snowman.net> <2738622.1646083128@sss.pgh.pa.us> <20220228214255.GO10577@tamriel.snowman.net> <20220301133119.GR10577@tamriel.snowman.net> <5de09fc4-8feb-8a91-d74a-fc9682208337@postgresql.org> <684c9d5b-2ab4-0546-4520-8e49a49ad1fb@enterprisedb.com> <115918cb-6009-3fac-712d-8d1eee3bb1a6@postgresql.org> From: Peter Eisentraut In-Reply-To: <115918cb-6009-3fac-712d-8d1eee3bb1a6@postgresql.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 02.03.22 15:16, Jonathan S. Katz wrote: >> I find that a lot of people are still purposely using md5.  Removing >> it now or in a year would be quite a disruption. > > What are the reasons they are still purposely using it? The ones I have > seen/heard are: > > - Using an older driver > - On a pre-v10 PG > - Unaware of SCRAM I'm not really sure, but it seems like they are content with what they have and don't want to bother with the new fancy stuff. > What I'm proposing above is to start the process of deprecating it as an > auth method, which also allows to continue the education efforts to > upgrae. Does that make sense? I'm not in favor of starting a process that will result in removal of the md5 method at this time.