Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jb9lj-0005RS-Dr for pgsql-pkg-yum@arkaria.postgresql.org; Tue, 19 May 2020 21:27:23 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1jb9lg-0002HB-L9 for pgsql-pkg-yum@arkaria.postgresql.org; Tue, 19 May 2020 21:27:20 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jb9lg-0002H4-Dd for pgsql-pkg-yum@lists.postgresql.org; Tue, 19 May 2020 21:27:20 +0000 Received: from tamriel.snowman.net ([2001:470:e38f::11]) by makus.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1jb9lZ-0003Q0-1j for pgsql-pkg-yum@postgresql.org; Tue, 19 May 2020 21:27:18 +0000 Received: by tamriel.snowman.net (Postfix, from userid 1000) id 59B555F798; Tue, 19 May 2020 17:27:10 -0400 (EDT) Date: Tue, 19 May 2020 17:27:10 -0400 From: Stephen Frost To: Devrim =?iso-8859-1?B?R/xuZPx6?= Cc: Craig Ringer , pgsql-pkg-yum Subject: Re: Can we stop defaulting to 'ident'? Message-ID: <20200519212710.GQ13712@tamriel.snowman.net> References: <7761d006b5ace13a4d86ce489123e5004aaf8b6c.camel@gunduz.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="XzRMHVuAkWkhYgaw" Content-Disposition: inline In-Reply-To: <7761d006b5ace13a4d86ce489123e5004aaf8b6c.camel@gunduz.org> User-Agent: Mutt/1.5.24 (2015-08-30) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Precedence: bulk --XzRMHVuAkWkhYgaw Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Greetings, * Devrim G=FCnd=FCz (devrim@gunduz.org) wrote: > On Thu, 2019-12-19 at 12:58 +0800, Craig Ringer wrote: > > 'ident' doesn't work by default on any RPM disto. >=20 > So, I am thinking of switching to scram-sha-256 by default. We need to > do this sooner or later anyway. We can blame "13", if someone > complains. >=20 > Any objections? I'm pulling the trigger for 13beta1. It means I'll also > set the default in postgresql.conf to scram auth as well. +1 to scram-sha-256 for the default for host-based/TCP connections. For local, we should be using peer, just like Debian's default has been for ages. Thanks, Stephen --XzRMHVuAkWkhYgaw Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJexE8tAAoJEO1sijiDR2RVtgAP/3I8iBGoNWcVUXWTD0Xze9SR nQsvT6qEjXS8rMOJIcelY80Wl0WCmh+4/SWBUZ+TKjN7h9qbtebBUOef9LBmbP4/ ObeGDp2/OtCLUlFypnTLbmM3geZO+5DzoHATzRUlY8d/lUDIxY6v/mYPUSdhm2Ck /Ll/Tus/l41MfyvxvgL6hoDbxvRIh71rg2pXt5reSVOefWEwrwZgEGtBr11CpRrf nzPKPSjsEwCOHlVIM6v1fGa/vvzm2ygpP8IpAq0FMhqUrqLTX5u1pPN6c846JNZ9 ruFw/pAyScKpKWRcFzQeWYTI/H5iS76KunmfL2XpqkNIT0BOg34JrHwvcjuaPR4A xjxaw5+ZQdfKCl3C//nJxbqIHuXRg80HwDMYlPCrh2HO60fIjALcF5DiBQ2hmc1p NKL+u9p1KnSIc1gngEAUoYq4SOgkKE8Ysyozz/uwX9qsz+lrzODUlLYYgtsp6huR y5BHG9kuZ8A4PcJjkcIOxSTV6O97hONkyGutIc7OEah22SfK5aHC1NL8qYqJYEF+ RhRv4/5uTL0acVwhcp40eea5Zoekfk9lp8NFeypyBKlOwYCh9YaHbHnv4HUm9o1J kmDGGXypBx9n+lFfYIIC58NSVIvd/o4If3ioIbNt7i3P8Fd8imEeiHL8PJ2IFQbv pXWS32wC6f5FHRDKJask =fUb1 -----END PGP SIGNATURE----- --XzRMHVuAkWkhYgaw--