MIME-Version: 1.0
References: 
 <CAMsr+YFCuBGWh4=aM-K2LCsBEwcrqm=pphKKHEH09vHwXcspow@mail.gmail.com>
 <77df509da61adaebca6c5f0451f1c1616f1faa45.camel@gunduz.org>
In-Reply-To: <77df509da61adaebca6c5f0451f1c1616f1faa45.camel@gunduz.org>
From: Craig Ringer <craig@2ndquadrant.com>
Date: Mon, 23 Dec 2019 14:04:25 +0800
Message-ID: 
 <CAMsr+YFBeZ+jUs0q1h9LO=OcYDstEN7b=4NyOiiS33yH2CaWqw@mail.gmail.com>
Subject: Re: Can we stop defaulting to 'ident'?
To: =?UTF-8?B?RGV2cmltIEfDvG5kw7x6?= <devrim@gunduz.org>
Cc: pgsql-pkg-yum <pgsql-pkg-yum@postgresql.org>
Content-Type: multipart/alternative; boundary="00000000000074177c059a58cd0c"
Precedence: bulk

--00000000000074177c059a58cd0c
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Fri, 20 Dec 2019 at 15:45, Devrim G=C3=BCnd=C3=BCz <devrim@gunduz.org> w=
rote:

> Hi,
>
> On Thu, 2019-12-19 at 12:58 +0800, Craig Ringer wrote:
>
> > It's not clear why the initdb wrapper for the rpm packages defaults to
> > generating 'host' entries with 'ident' auth,
>
> Historical reasons, like at least 15 years or more.
>

Time to revisit it then.

The current default is already broken. It is more broken than, and less
useful than, defaulting to 'md5' for 'host' since at least then users could
make it work by setting a password.

ident requires entirely new and different daemons to be installed,
configured and enabled.


> > but I think it's pretty unhelpful. At least if we used 'md5' the user
> could
> > set passwords and have them actually work.
>
> IMHO the only alternative could be "trust", because I am not holding my
> breath
> for the majority of our users to be able to setup a password that easily
> (yeah). I'm also not inclined to setup a default password for RPM
> installations
> (and also RPMs must not do any interactive work, like asking for a
> password)


The deb use md5 for 'host' and 'peer' for 'local'. While I think they do
support interactive password setting it's extremely common to run debconf
noninteractively, then set an initial password using psql with the peer
auth conn over a unix socket.

That's the approach I suggest for the rpms too. A stanza to the setup shell
script can even be added to give a hint for next steps:

    echo PostgreSQL instance created at /var/lib/pgsql/12/data and set to
listen on port $NEWPGPORT.
    echo
    echo Start it with systemctl start postgresql-12 .

    if [ $local_authmode =3D=3D 'peer' ]; then
        echo Connect with 'sudo -u postgres psql -p $NEWPGPORT' to create
users, set passwords and create databases.
    fi

or something like that.

--=20
 Craig Ringer                   http://www.2ndQuadrant.com/
 2ndQuadrant - PostgreSQL Solutions for the Enterprise

--00000000000074177c059a58cd0c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">On Fri, 20 Dec 2019 at 15:45, Devrim G=C3=
=BCnd=C3=BCz &lt;<a href=3D"mailto:devrim@gunduz.org">devrim@gunduz.org</a>=
&gt; wrote:<br></div><div class=3D"gmail_quote"><blockquote class=3D"gmail_=
quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,=
204);padding-left:1ex">Hi,<br>
<br>
On Thu, 2019-12-19 at 12:58 +0800, Craig Ringer wrote:<br>
<br>
&gt; It&#39;s not clear why the initdb wrapper for the rpm packages default=
s to<br>
&gt; generating &#39;host&#39; entries with &#39;ident&#39; auth, <br>
<br>
Historical reasons, like at least 15 years or more.<br></blockquote><div>=
=C2=A0</div><div>Time to revisit it then.</div><div><br></div><div>The curr=
ent default is already broken. It is more broken than, and less useful than=
, defaulting to &#39;md5&#39; for &#39;host&#39; since at least then users =
could make it work by setting a password.=C2=A0</div><div><br></div><div>id=
ent requires entirely new and different daemons to be installed, configured=
 and enabled.</div><div>=C2=A0</div><blockquote class=3D"gmail_quote" style=
=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding=
-left:1ex">
&gt; but I think it&#39;s pretty unhelpful. At least if we used &#39;md5=
9; the user could<br>
&gt; set passwords and have them actually work.<br>
<br>
IMHO the only alternative could be &quot;trust&quot;, because I am not hold=
ing my breath<br>
for the majority of our users to be able to setup a password that easily<br=
>
(yeah). I&#39;m also not inclined to setup a default password for RPM insta=
llations<br>
(and also RPMs must not do any interactive work, like asking for a password=
)</blockquote><div><br></div><div>The deb use md5 for &#39;host&#39; and &#=
39;peer&#39; for &#39;local&#39;. While I think they do support interactive=
 password setting it&#39;s extremely common to run debconf noninteractively=
, then set an initial password using psql with the peer auth conn over a un=
ix socket.</div><div><br></div><div>That&#39;s the approach I suggest for t=
he rpms too. A stanza to the setup shell script can even be added to give a=
 hint for next steps:</div><div><br></div><div>=C2=A0 =C2=A0 echo PostgreSQ=
L instance created at /var/lib/pgsql/12/data and set to listen on port $NEW=
PGPORT.</div><div>=C2=A0 =C2=A0 echo=C2=A0</div><div>=C2=A0 =C2=A0 echo Sta=
rt it with systemctl start postgresql-12 .</div></div><div><br></div>=C2=A0=
 =C2=A0 if [ $local_authmode =3D=3D &#39;peer&#39; ]; then<br clear=3D"all"=
><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0 echo Connect with &#39;sudo -u postgres p=
sql -p $NEWPGPORT&#39; to create users, set passwords and create databases.=
</div><div>=C2=A0 =C2=A0 fi</div><div><br></div><div>or something like that=
.</div><div><br></div>-- <br><div dir=3D"ltr" class=3D"gmail_signature"><di=
v dir=3D"ltr"><div><div dir=3D"ltr"><div><div dir=3D"ltr">=C2=A0Craig Ringe=
r=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 <a href=3D"http://www.2ndQuadrant.com/=
" target=3D"_blank">http://www.2ndQuadrant.com/</a><br>=C2=A02ndQuadrant - =
PostgreSQL Solutions for the Enterprise<br></div></div></div></div></div></=
div></div>

--00000000000074177c059a58cd0c--