Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jbRH4-0001HA-9V for pgsql-pkg-yum@arkaria.postgresql.org; Wed, 20 May 2020 16:08:54 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1jbRH3-0002Yr-7x for pgsql-pkg-yum@arkaria.postgresql.org; Wed, 20 May 2020 16:08:53 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jbRH2-0002Yd-FF for pgsql-pkg-yum@lists.postgresql.org; Wed, 20 May 2020 16:08:52 +0000 Received: from ns5.gunduz.org ([107.170.136.15] helo=ns1.gunduz.org) by makus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jbRGy-0004wY-Mz for pgsql-pkg-yum@postgresql.org; Wed, 20 May 2020 16:08:51 +0000 Received: from asus-laptop06.gunduz.org (unknown [31.14.249.174]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ns1.gunduz.org (Postfix) with ESMTPSA id 2E00A3FD51; Wed, 20 May 2020 16:08:47 +0000 (UTC) Message-ID: <398c9be51f87d8fbe0964ef75641d676afca2386.camel@gunduz.org> Subject: Re: Can we stop defaulting to 'ident'? From: Devrim =?ISO-8859-1?Q?G=FCnd=FCz?= To: Stephen Frost , Peter Eisentraut Cc: Christoph Berg , Craig Ringer , pgsql-pkg-yum Date: Wed, 20 May 2020 17:08:44 +0100 In-Reply-To: <20200520145752.GD3418@tamriel.snowman.net> References: <7761d006b5ace13a4d86ce489123e5004aaf8b6c.camel@gunduz.org> <20200519212710.GQ13712@tamriel.snowman.net> <6089d4c8e262dd6fe8a6510c283e674543a24b5c.camel@gunduz.org> <3869d8c9-c212-8d73-52f4-13b03abe4813@2ndquadrant.com> <20200520134035.GD296739@msg.df7cb.de> <3a7d55ed-6abb-2005-23d7-8411bb9f5651@2ndquadrant.com> <20200520145752.GD3418@tamriel.snowman.net> Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-ZVJgtpyruPiQ68+3WVuI" User-Agent: Evolution 3.36.2 (3.36.2-1.fc32) MIME-Version: 1.0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Precedence: bulk --=-ZVJgtpyruPiQ68+3WVuI Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, On Wed, 2020-05-20 at 10:57 -0400, Stephen Frost wrote: > While this discussion has been about pg_hba.conf, we really should > clean > it all up and encourage users, by setting sane defaults, to use > SCRAM. >=20 > That necessarily includes setting SCRAM as the password_encryption My patch already changes that default as well -- RPMs's default password_encryption will be scram-sha-256. Regards, --=20 Devrim G=C3=BCnd=C3=BCz Open Source Solution Architect, Red Hat Certified Engineer Twitter: @DevrimGunduz , @DevrimGunduzTR --=-ZVJgtpyruPiQ68+3WVuI Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEH8GKHNUOKtDEiyD22MM9/pLPbrUFAl7FVgwACgkQ2MM9/pLP brWWJhAAnM39DMSPasQCVRRvIOh0LuW2uWsGb+2vKwjk7liemFrKhPTaWwi+M3s7 pD8VqfY5IRqNr7auG4uh8SeAbpTqW8Bi1fBkLH6L2ri3GUp6wCN98zzDM3b7WO13 WQ/SBBO0sW935k3tX0GPoQoIqDsyRn6YHsLrjo1L/IVgJZZJGxncJ2FJnRK/D8GY HOiqCG1NZ8XVQwl06FYSVKB9IQ3t7hGkx2fYjIcfE968d2zCmjK8kVxkHJu7+uvX fSZcW9ANAQJa2MMtGq4QDarwXT0/TqQZdoZiFFoZjbIdfhVmUomn4hcktsMIeBEC aDSy8mYIqFkTx8QeRatJjNZRG74y0F913GIDGPXOzKb9zMck0DwzQqVCUomQaCXJ ohfYxdIQVTqH4l8A//2hISywu0axBjDlVIV26F9clQjKlK9AEHqayLpW7V3bOcoS YDvMAoSJCIq1yjzhawFqgqgdZpEuAXlFirpu1eJBAOBT0+RqX94Z3QjB/Vxea5Yz cbBiwSQjpjDMEhKQHvbf0HYzHefUOABdEK/c9kZqErm0v2UYpC7ZXDXmmwN0ydez eTR5lvI3m7trKpr3vtpzK8uMULt2o8DrU8c57eaw3EXHp7v0A9hjiRt+vMl5JaDu 5yFSXP0VsohqN5UEV6Cxbc3XDZY8iYBSLljJTJ/4zbhEiLwvg/o= =EvY4 -----END PGP SIGNATURE----- --=-ZVJgtpyruPiQ68+3WVuI--