Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <pgsql-pkg-yum-owner+archive@lists.postgresql.org>)
	id 1jeLYg-0007CA-0H
	for pgsql-pkg-yum@arkaria.postgresql.org; Thu, 28 May 2020 16:39:06 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.92)
	(envelope-from <pgsql-pkg-yum-owner+archive@lists.postgresql.org>)
	id 1jeLYe-0006Xk-4p
	for pgsql-pkg-yum@arkaria.postgresql.org; Thu, 28 May 2020 16:39:04 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <cb@df7cb.de>)
	id 1jeLYd-0006Xc-Vo
	for pgsql-pkg-yum@lists.postgresql.org; Thu, 28 May 2020 16:39:03 +0000
Received: from feynman.df7cb.de ([195.49.152.168])
	by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <cb@df7cb.de>)
	id 1jeLYY-0003g2-W2
	for pgsql-pkg-yum@postgresql.org; Thu, 28 May 2020 16:39:03 +0000
Received: from msg.df7cb.de (unknown
 [IPv6:2a02:908:1474:3de0:76e5:bff:fef3:7e00])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits)
 server-digest SHA256)
	(Client did not present a certificate)
	by feynman.df7cb.de (Postfix) with ESMTPSA id 49Xtgj0zgYz3DwZ;
	Thu, 28 May 2020 18:38:57 +0200 (CEST)
Date: Thu, 28 May 2020 18:38:56 +0200
From: Christoph Berg <myon@debian.org>
To: Stephen Frost <sfrost@snowman.net>
Cc: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>,
	Devrim =?iso-8859-1?B?R/xuZPx6?= <devrim@gunduz.org>,
	Craig Ringer <craig@2ndquadrant.com>,
	pgsql-pkg-yum <pgsql-pkg-yum@postgresql.org>
Subject: Re: Can we stop defaulting to 'md5'?
Message-ID: <20200528163856.GB107313@msg.df7cb.de>
Mail-Followup-To: Christoph Berg <myon@debian.org>,
	Stephen Frost <sfrost@snowman.net>,
	Peter Eisentraut <peter.eisentraut@2ndquadrant.com>,
	Devrim =?iso-8859-1?B?R/xuZPx6?= <devrim@gunduz.org>,
	Craig Ringer <craig@2ndquadrant.com>,
	pgsql-pkg-yum <pgsql-pkg-yum@postgresql.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20200520163509.GG3418@tamriel.snowman.net>
 <20200520153337.GE3418@tamriel.snowman.net>
List-Id: <pgsql-pkg-yum.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-pkg-yum@lists.postgresql.org>
List-Owner: <mailto:pgsql-pkg-yum-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-pkg-yum>
Precedence: bulk

Re: Stephen Frost
> postgresql.conf alone, but ultimately that's probably going to be up to
> what Christoph is comfortable with.

Re: Stephen Frost
> If you leave it as 'md5' in pg_hba.conf, then *that* will do either md5,
> or scram.  If you have 'scram-sha-256' in pg_hba.conf and only an 'md5'
> password then it breaks.

Fwiw "comfortable" and "it breaks" are the problem here. The whole
picture is so utterly complicated that I'm still scared from reading
the docs the first time around the time PG10 came about. In trainings
I'm still telling people that md5 is the accepted standard because
there's enough more interesting things to teach about PostgreSQL.

Why do I have to decide *in pg_hba.conf* which hash algorithm is used?
Why can't that just be "password"?

The password_encryption GUC should be the only place concerned with
that, and it should only be used for new passwords. Existing passwords
should just continue to work. *That* would allow seamless upgrades.

Getting this mess fixed would be good for security because then people
will likely start using scram.

Christoph