public inbox for [email protected]
help / color / mirror / Atom feedFrom: Stephen Frost <[email protected]>
To: Peter Eisentraut <[email protected]>
Cc: Christoph Berg <[email protected]>
Cc: Devrim Gündüz <[email protected]>
Cc: Craig Ringer <[email protected]>
Cc: pgsql-pkg-yum <[email protected]>
Subject: Re: Can we stop defaulting to 'ident'?
Date: Wed, 20 May 2020 19:00:27 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
Greetings,
* Peter Eisentraut ([email protected]) wrote:
> On 2020-05-20 17:33, Stephen Frost wrote:
> >>But this leads to other questions, like, what should pg_upgrade do?
> >Same as it always has- make the user deal with anything they need to
> >regarding postgresql.conf? Why would anything change with pg_upgrade?
>
> Well, one might expect that the user at least gets some kind of notification
> that something is changing. What happens when you end up with a mix of MD5
> and SCRAM passwords in pg_authid? Are users going to be notified about this
> somehow? Has this been thought through to the end? Have all combinations
> been tested?
I agree that these things should have been thought through and
considered and that the original patch should have addressed every
possible angle. That didn't happen though. There's things that could
be dealt with in the packaging to improve things for users of
pg_upgradecluster, but that's not on the RPM side anyway.
wrt the specific questions- if you have 'md5' in your pg_hba.conf then a
mix of md5 and SCRAM passwords will allow users to still log in- md5
will "upgrade" to SCRAM. If you have scram in pg_hba.conf then you have
to be using SCRAM to connect (which wasn't a great decision, but that's
what was implemented). Of course, that's not a problem for *new*
installs, and that's really what we're talking about here. We aren't
going to be changing any existing configurations with this, just the
*defaults* for new installs, which users who are using pg_upgrade are
going to have to change in just about all cases anyway, particularly on
RHEL.
Thanks,
Stephen
Attachments:
[application/pgp-signature] signature.asc (819B, 2-signature.asc)
download
view thread (54+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Can we stop defaulting to 'ident'?
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox