Date: Wed, 20 May 2020 10:57:52 -0400
From: Stephen Frost
To: Peter Eisentraut
Cc: Christoph Berg, Devrim Gündüz, Craig Ringer, pgsql-pkg-yum
Subject: Re: Can we stop defaulting to 'ident'?
Message-ID: <20200520145752.GD3418@tamriel.snowman.net>

Greetings,

* Peter Eisentraut (peter.eisentraut@2ndquadrant.com) wrote:
> On 2020-05-20 15:40, Christoph Berg wrote:
> >Re: Peter Eisentraut
> >>The upstream default is still to use md5 passwords by default, and some
> >>deliberation has gone into that to keep it that way. So it would make sense
> >>to have the RPMs also do that. The Debian packages also still use md5.
> >>Some consistency across the board would be good. Otherwise it will be very
> >>confusing for users if everyone just goes into their own direction.
> >
> >The upstream initdb default is still 'trust', but everyone agrees that
> >it's good that distributions are changing that to something more
> >secure, so we are already disconnected from the "true" default here.
>
> Sorry, I should have been more clear. The upstream default of the GUC
> parameter "password_encryption" is md5.
Which, really, is pretty broken when we're going to be having our packagers
setting up pg_hba.conf to use scram; at the *very* least it's ridiculously
misleading because we're going to have SCRAM in pg_hba.conf but passwords
actually stored as md5 and therefore we won't be getting the benefits from
SCRAM auth (though it should still work, of course, since the SCRAM mode
will fall back to working with an md5 password).

I don't recall a v13 discussion around whether we should continue to have
md5 as the default for *new* installations for password_encryption.

> It is understood that the default client authentication method can be
> changed downstream.

While this discussion has been about pg_hba.conf, we really should clean it
all up and encourage users, by setting sane defaults, to use SCRAM. That
necessarily includes setting SCRAM as the password_encryption method.

Thanks,

Stephen
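The mismatch discussed above (the stored verifier format follows password_encryption, not the method in pg_hba.conf) as an added Python example that is not part of this thread: it builds both verifier formats as PostgreSQL stores them in pg_authid.rolpassword, performs the server-side SCRAM StoredKey check, and lists the roles that still carry md5 verifiers after the GUC is switched. The role names, password and rows are constructed; a real audit would read them with `SELECT rolname, rolpassword FROM pg_authid` as superuser.

```python
import base64
import hashlib
import hmac
import re

MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")
SCRAM_RE = re.compile(r"^SCRAM-SHA-256\$(\d+):([^$]+)\$([^:]+):(.+)$")

def md5_verifier(username, password):
    """Stored form under password_encryption = md5: 'md5' + md5(password || username)."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()

def scram_keys(password, salt, iterations):
    """(StoredKey, ServerKey) per RFC 7677; SASLprep omitted for this ASCII sample."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return hashlib.sha256(client_key).digest(), server_key

def scram_verifier(password, salt, iterations=4096):
    """Stored form under password_encryption = scram-sha-256 (salted, iterated)."""
    stored_key, server_key = scram_keys(password, salt, iterations)
    b64 = lambda b: base64.b64encode(b).decode()
    return "SCRAM-SHA-256$%d:%s$%s:%s" % (iterations, b64(salt), b64(stored_key), b64(server_key))

def scram_verifier_matches(verifier, password):
    """Server-side check: recompute StoredKey from the salt/iterations in the verifier."""
    m = SCRAM_RE.match(verifier)
    if not m:
        return False
    stored_key = scram_keys(password, base64.b64decode(m.group(2)), int(m.group(1)))[0]
    return hmac.compare_digest(stored_key, base64.b64decode(m.group(3)))

def classify(rolpassword):
    """Label one rolpassword value by its verifier format."""
    if rolpassword is None:
        return "none"
    if MD5_RE.match(rolpassword):
        return "md5"
    return "scram-sha-256" if SCRAM_RE.match(rolpassword) else "unknown"

def roles_needing_reset(rows):
    """Changing password_encryption never re-hashes stored passwords: roles still on md5 must reset."""
    return sorted(name for name, pw in rows if classify(pw) == "md5")

SAMPLE_ROWS = [  # constructed (rolname, rolpassword) rows for this added example
    ("app", md5_verifier("app", "hunter2")),
    ("report", scram_verifier("hunter2", salt=b"\x00" * 16)),
    ("nologin", None),
]
```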