Date: Fri, 20 Dec 2019 10:06:44 -0500
From: Stephen Frost
To: Christoph Berg, Devrim Gündüz, Craig Ringer, pgsql-pkg-yum
Subject: Re: Can we stop defaulting to 'ident'?
Message-ID: <20191220150644.GO3195@tamriel.snowman.net>
References: <77df509da61adaebca6c5f0451f1c1616f1faa45.camel@gunduz.org> <20191220103240.GB9564@msg.df7cb.de>
In-Reply-To: <20191220103240.GB9564@msg.df7cb.de>

Greetings,

* Christoph Berg (myon@debian.org) wrote:
> Re: Devrim Gündüz 2019-12-20 <77df509da61adaebca6c5f0451f1c1616f1faa45.camel@gunduz.org>
> > > but I think it's pretty unhelpful. At least if we used 'md5' the user could
> > > set passwords and have them actually work.
> >
> > IMHO the only alternative could be "trust", because I am not holding my breath
> > for the majority of our users to be able to setup a password that easily
> > (yeah). I'm also not inclined to setup a default password for RPM installations
> > (and also RPMs must not do any interactive work, like asking for a password)
>
> Fwiw, the Debian packages have been using md5 forever, and do not set
> a password either. People seem to be able to set a password
> themselves. I've never heard any complaint about it. (Except for some
> poking that scram might be better.)

SCRAM is *definitely* better and I strongly support us moving to it,
provided it doesn't break anything existing (which it generally
shouldn't... but maybe there's some weird edge cases, or possibly older
clients, but still, at some point, we need to move this default to be
SCRAM).

That said- we should be using peer for local unix sockets and SCRAM for
host-based password (local or not...), and ident needs to just die.

Thanks,

Stephen
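
An added example, not part of the original message or of any PostgreSQL package: a small Python check that reads pg_hba.conf text and flags rules that differ from the layout argued for above (peer on local sockets, scram-sha-256 on host lines, no ident). The sample file is constructed, and the parser assumes unquoted fields and skips include directives.

```python
"""Audit pg_hba.conf rules: peer for local sockets, SCRAM for host lines."""

KNOWN_METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss",
                 "sspi", "ident", "peer", "ldap", "radius", "cert", "pam", "bsd"}
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# (scope, method) -> finding text; scope is "local" or "host"
ADVICE = {
    ("local", "ident"): "ident on a local line is handled as peer; write peer",
    ("local", "trust"): "trust on a local socket skips authentication; use peer",
    ("host", "ident"): "ident relies on the client's identd answer; use scram-sha-256",
    ("host", "trust"): "trust on a network rule skips authentication; use scram-sha-256",
    ("host", "md5"): "md5 password exchange; move to scram-sha-256",
    ("host", "password"): "cleartext password exchange; move to scram-sha-256",
}

def parse_hba(text):
    """Yield (lineno, scope, method) for each rule line in the file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":
            scope, idx = "local", 3          # type db user method
        elif fields[0] in HOST_TYPES:
            # Address is one field (CIDR, hostname) or two (IP then netmask).
            one_field = len(fields) > 4 and fields[4] in KNOWN_METHODS
            scope, idx = "host", 4 if one_field else 5
        else:
            continue                          # include directives, unknown types
        if idx < len(fields):
            yield lineno, scope, fields[idx]

def audit(text):
    """Return [(lineno, message)] for rules that need attention."""
    return [(n, ADVICE[(scope, method)])
            for n, scope, method in parse_hba(text)
            if (scope, method) in ADVICE]

# Constructed sample, not taken from any distribution's packaged default.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS             METHOD
local   all       all                       peer
host    all       all   127.0.0.1/32        ident
host    all       all   ::1/128             md5
host    all       all   10.0.0.0 255.0.0.0  scram-sha-256
local   all       all                       ident
"""

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE):
        print(f"line {lineno}: {message}")
```

Existing md5 password hashes have to be reset after setting `password_encryption = scram-sha-256` before a rule can be switched from md5 to scram-sha-256, which is the compatibility concern with older clients raised in the message.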