Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <pgsql-pkg-yum-owner+archive@lists.postgresql.org>)
	id 1jbXhT-0007zj-Lg
	for pgsql-pkg-yum@arkaria.postgresql.org; Wed, 20 May 2020 23:00:35 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.92)
	(envelope-from <pgsql-pkg-yum-owner+archive@lists.postgresql.org>)
	id 1jbXhR-0006Lc-RV
	for pgsql-pkg-yum@arkaria.postgresql.org; Wed, 20 May 2020 23:00:33 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <sfrost@tamriel.snowman.net>)
	id 1jbXhR-0006LV-MB
	for pgsql-pkg-yum@lists.postgresql.org; Wed, 20 May 2020 23:00:33 +0000
Received: from tamriel.snowman.net ([96.255.250.162])
	by makus.postgresql.org with esmtp (Exim 4.92)
	(envelope-from <sfrost@tamriel.snowman.net>)
	id 1jbXhL-00006T-HU
	for pgsql-pkg-yum@postgresql.org; Wed, 20 May 2020 23:00:32 +0000
Received: by tamriel.snowman.net (Postfix, from userid 1000)
	id 226955F79E; Wed, 20 May 2020 19:00:27 -0400 (EDT)
Date: Wed, 20 May 2020 19:00:27 -0400
From: Stephen Frost <sfrost@snowman.net>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: Christoph Berg <myon@debian.org>,
	Devrim =?iso-8859-1?B?R/xuZPx6?= <devrim@gunduz.org>,
	Craig Ringer <craig@2ndquadrant.com>,
	pgsql-pkg-yum <pgsql-pkg-yum@postgresql.org>
Subject: Re: Can we stop defaulting to 'ident'?
Message-ID: <20200520230026.GQ3418@tamriel.snowman.net>
References: <7761d006b5ace13a4d86ce489123e5004aaf8b6c.camel@gunduz.org>
 <20200519212710.GQ13712@tamriel.snowman.net>
 <6089d4c8e262dd6fe8a6510c283e674543a24b5c.camel@gunduz.org>
 <3869d8c9-c212-8d73-52f4-13b03abe4813@2ndquadrant.com>
 <20200520134035.GD296739@msg.df7cb.de>
 <3a7d55ed-6abb-2005-23d7-8411bb9f5651@2ndquadrant.com>
 <20200520145752.GD3418@tamriel.snowman.net>
 <32b7fe66-f0e6-42e5-3c95-7d123e7d7f6d@2ndquadrant.com>
 <20200520153337.GE3418@tamriel.snowman.net>
 <074a1634-450f-1e2f-53aa-178de3ac1076@2ndquadrant.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="QVgWX4+QEldMe/r9"
Content-Disposition: inline
In-Reply-To: <074a1634-450f-1e2f-53aa-178de3ac1076@2ndquadrant.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
List-Id: <pgsql-pkg-yum.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-pkg-yum@lists.postgresql.org>
List-Owner: <mailto:pgsql-pkg-yum-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-pkg-yum>
Precedence: bulk


--QVgWX4+QEldMe/r9
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Greetings,

* Peter Eisentraut (peter.eisentraut@2ndquadrant.com) wrote:
> On 2020-05-20 17:33, Stephen Frost wrote:
> >>But this leads to other questions, like, what should pg_upgrade do?
> >Same as it always has- make the user deal with anything they need to
> >regarding postgresql.conf?  Why would anything change with pg_upgrade?
>=20
> Well, one might expect that the user at least gets some kind of notificat=
ion
> that something is changing.  What happens when you end up with a mix of M=
D5
> and SCRAM passwords in pg_authid?  Are users going to be notified about t=
his
> somehow?  Has this been thought through to the end?  Have all combinations
> been tested?

I agree that these things should have been thought through and
considered and that the original patch should have addressed every
possible angle.  That didn't happen though.  There's things that could
be dealt with in the packaging to improve things for users of
pg_upgradecluster, but that's not on the RPM side anyway.

wrt the specific questions- if you have 'md5' in your pg_hba.conf then a
mix of md5 and SCRAM passwords will allow users to still log in- md5
will "upgrade" to SCRAM.  If you have scram in pg_hba.conf then you have
to be using SCRAM to connect (which wasn't a great decision, but that's
what was implemented).  Of course, that's not a problem for *new*
installs, and that's really what we're talking about here.  We aren't
going to be changing any existing configurations with this, just the
*defaults* for new installs, which users who are using pg_upgrade are
going to have to change in just about all cases anyway, particularly on
RHEL.

Thanks,

Stephen

--QVgWX4+QEldMe/r9
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJexbaKAAoJEO1sijiDR2RVxywP/RCfBWgWP7R5PbGAYju9/JS/
alPyag5eBIB0YADjZF7JVHQ5nD+Q8o+G0bUP+lJ+PXzooo0ZTfg39HDDTkJ/Rdja
I2xtG5mEidx+GZwdPNSluH97eK6W7L8CM+TCoqM1q6GROD+QgtfYOYQ2fhqsS8vm
g4XSdXy1dyQc8yLX4AWvEvJLOdI0dZOJ0VlLCShH1FbdDzskLDHLSJuFOKLNYt59
Fusy6uwMN+DNLDWLS7O1jO2GnJkdk35xC+Kt1W0CrgGlwYytuggaeIsj9ujd/IMo
Exsb++6pEoLlFBkNJWAOM7MaGcsFlTRl013F1GTfcVG8V1dwsgAc6KsPlCekPOA2
NJ8kPIhWftL5eN707gUqJVSbN5mlaY5gXsUfzbyzRkmpYm+QlwKhGszph1hkcBvw
DkQne5ALnMZp6+IUC490rokKjj3C6Tn28aitHAKQoFvEHRexufEVBsWglTmPcZQF
Cz3opNcwcpAtCPlsUWvNy64Pkrs70Er3+NMInK7gvC2I7pBmbAEje3RH/wolndd8
i4O1GXXwmZzUYV/hiKbMX9/4UhIkMbupOTlY/It3MeQgBb+oAdP2ju1beenQafIb
g4mUiAo7rAAFwWXJ4V0OPQzaRjJz3wvaKZ9eSe9PeVaxwu6RpBKR0AK3I5DhZkp+
X8Ud6SatZig162cczv5X
=5/+J
-----END PGP SIGNATURE-----

--QVgWX4+QEldMe/r9--