Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.89) (envelope-from ) id 1iiCyu-0002v6-Tl for pgsql-pkg-yum@arkaria.postgresql.org; Fri, 20 Dec 2019 07:45:53 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.89) (envelope-from ) id 1iiCys-0008VR-RU for pgsql-pkg-yum@arkaria.postgresql.org; Fri, 20 Dec 2019 07:45:50 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.89) (envelope-from ) id 1iiCys-0008VJ-K2 for pgsql-pkg-yum@lists.postgresql.org; Fri, 20 Dec 2019 07:45:50 +0000 Received: from ns5.gunduz.org ([107.170.136.15] helo=ns1.gunduz.org) by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1iiCym-0006MY-EP for pgsql-pkg-yum@postgresql.org; Fri, 20 Dec 2019 07:45:49 +0000 Received: from asus-laptop04 (unknown [85.255.234.89]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ns1.gunduz.org (Postfix) with ESMTPSA id 9A6B93FD2B; Fri, 20 Dec 2019 07:45:08 +0000 (UTC) Message-ID: <77df509da61adaebca6c5f0451f1c1616f1faa45.camel@gunduz.org> Subject: Re: Can we stop defaulting to 'ident'? From: Devrim =?ISO-8859-1?Q?G=FCnd=FCz?= To: Craig Ringer , pgsql-pkg-yum Date: Fri, 20 Dec 2019 10:45:37 +0300 In-Reply-To: References: Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-IEtGixDuXOfQ02skyY/5" User-Agent: Evolution 3.34.2 (3.34.2-1.fc31) MIME-Version: 1.0 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Precedence: bulk --=-IEtGixDuXOfQ02skyY/5 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, On Thu, 2019-12-19 at 12:58 +0800, Craig Ringer wrote: > It's not clear why the initdb wrapper for the rpm packages defaults to > generating 'host' entries with 'ident' auth,=20 Historical reasons, like at least 15 years or more. > but I think it's pretty unhelpful. At least if we used 'md5' the user cou= ld > set passwords and have them actually work. IMHO the only alternative could be "trust", because I am not holding my bre= ath for the majority of our users to be able to setup a password that easily (yeah). I'm also not inclined to setup a default password for RPM installat= ions (and also RPMs must not do any interactive work, like asking for a password= ) Regards, --=20 Devrim G=C3=BCnd=C3=BCz Open Source Solution Architect, Red Hat Certified Engineer Twitter: @DevrimGunduz , @DevrimGunduzTR --=-IEtGixDuXOfQ02skyY/5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEH8GKHNUOKtDEiyD22MM9/pLPbrUFAl38fCEACgkQ2MM9/pLP brVuug//eVdgtSg6UpDxHV2mO74gA7sZiR/LBIHbgqQOzZNmnNrWoE0bdzRiHxwV kHECYdX/up4F8m7CzdfRkEv67GX17QhZ2NXBIXS8vW5ViwB1nw378T+tzNnVPVVG Twrx85WT2WDP5QVfs1STUSCT1Ib4Kgi/ZoQLInqwyw8tqcLIBBK+HC4ATveZItVx EHseBqs5FeumdJbWkRzMhuchyswqFwj8GFOzPkbQ0qWuMExoW5Ho1+DNBgBc0d7J O1ijybeJkKIlkbLlrxrNSwFoOekj84gzYegj5799RKJZLfndQZ8yY3hza2wLRaFX 9uF4fEoaYq4NpW+zEtycgDTA8iX/HVQRQQbDcjYrGbkAEzmZcFEIftTYqiZPH4IS l2sAsueyXr747V9nSSHavoiqmME1aak1pcOFuAGyYE8u6ENMLc41MGwmPoIdFyd/ s5G6R/plU8XVK7JMHwu/cAXx2kyVL+MIUA/BrUZ6UjEx/ISbx2k8xQRNzdfRKYjc fFe6pSAf5XKjtGDIbYQIWhb44+p+tzncfZgpBViksMsppoj3GqDMcyq3JG/XNIOU 8gYU8QLlqY1EkILVKEheTp6uR+eHQDyD6GBzY8IwghF4pSlfayC2uZm6GDlK8ndv aKBDUvJWtd6/8NOizGF8UP8d8XrPO4425I2epBVJGJi1I8NOsp8= =MKbZ -----END PGP SIGNATURE----- --=-IEtGixDuXOfQ02skyY/5--