Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jbRJV-0001MV-8J for pgsql-pkg-yum@arkaria.postgresql.org; Wed, 20 May 2020 16:11:25 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1jbRJU-0006zR-88 for pgsql-pkg-yum@arkaria.postgresql.org; Wed, 20 May 2020 16:11:24 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jbRJU-0006yx-3B for pgsql-pkg-yum@lists.postgresql.org; Wed, 20 May 2020 16:11:24 +0000 Received: from tamriel.snowman.net ([2001:470:e38f::11]) by makus.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1jbRJR-0004y4-RU for pgsql-pkg-yum@postgresql.org; Wed, 20 May 2020 16:11:22 +0000 Received: by tamriel.snowman.net (Postfix, from userid 1000) id 0E3C45F79E; Wed, 20 May 2020 12:11:20 -0400 (EDT) Date: Wed, 20 May 2020 12:11:19 -0400 From: Stephen Frost To: Devrim =?iso-8859-1?B?R/xuZPx6?= Cc: Peter Eisentraut , Christoph Berg , Craig Ringer , pgsql-pkg-yum Subject: Re: Can we stop defaulting to 'ident'? Message-ID: <20200520161119.GF3418@tamriel.snowman.net> References: <7761d006b5ace13a4d86ce489123e5004aaf8b6c.camel@gunduz.org> <20200519212710.GQ13712@tamriel.snowman.net> <6089d4c8e262dd6fe8a6510c283e674543a24b5c.camel@gunduz.org> <3869d8c9-c212-8d73-52f4-13b03abe4813@2ndquadrant.com> <20200520134035.GD296739@msg.df7cb.de> <3a7d55ed-6abb-2005-23d7-8411bb9f5651@2ndquadrant.com> <20200520145752.GD3418@tamriel.snowman.net> <398c9be51f87d8fbe0964ef75641d676afca2386.camel@gunduz.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ExXT7PjY8AI4Hyfa" Content-Disposition: inline In-Reply-To: <398c9be51f87d8fbe0964ef75641d676afca2386.camel@gunduz.org> User-Agent: Mutt/1.5.24 (2015-08-30) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Precedence: bulk --ExXT7PjY8AI4Hyfa Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Greetings, * Devrim G=FCnd=FCz (devrim@gunduz.org) wrote: > On Wed, 2020-05-20 at 10:57 -0400, Stephen Frost wrote: > > While this discussion has been about pg_hba.conf, we really should > > clean > > it all up and encourage users, by setting sane defaults, to use > > SCRAM. > >=20 > > That necessarily includes setting SCRAM as the password_encryption >=20 > My patch already changes that default as well -- RPMs's default > password_encryption will be scram-sha-256. +1 for my part. Thanks, Stephen --ExXT7PjY8AI4Hyfa Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJexVanAAoJEO1sijiDR2RV8BwP/RTsVDhdOD+3nl0kyP9saVKT xwYp6PYDt10pemTmJS33KeuoFT2r/HIXPkySfVhcaOjQqitns0fUDg5MrmCeacSY MMGo4sFI9vlbEF5p8txbvmq2Zy9gRDyOZAONCugnOb3ZuygLVWpeZH/wQtNlpxMf MCIdVyQdUWXRIQLjy5Mauo7X20jkr7BTIe3Q4+ANJoof4JbDUFq6ahUvsVt9+alw GVwC0EX90FcxkTQz+Iv114fHNQoCRXw/aAXepyLN2u3NsTYxOmT3tBp7kDq98OvT f8+F5QnSTDrIi7gdvm6KjsC54gd+JvCvWNeT3rufjnKo98ODvHyMabtmM63gwDrj xuMjLwtMfcOXO4Tg9JVUlNF79SfN2hd8myut1hVT/q13KRp6sQmHVDvu+Q5V3NYy QILudeBu/TeyeL4DbFfA8Yit6sEBg51rXxqkPIzq8g+YP4PPi3jhpdGglarQ3GiE YskHrchyRGriJ+hks69rIqUKR7dlqZfb3UnbOFB5ZbNQRSPDRJKTHu8JyAFieEV+ 8NvK0JxaJ6jtivWv4faPvRqNcrGqC2LSkzZsp63lrNz3UlnM3Ub5K9HmVdYinSGA 0pwFv6mS5kgfsUspdaF+8kdW2IMn023GdHrshsEoBDIVRCpL5szrcsqCixzxJjrp 58hD4A2jgHBWYyrsYmPH =Fl9b -----END PGP SIGNATURE----- --ExXT7PjY8AI4Hyfa--