On 2019-04-05 18:11, Jonathan S. Katz wrote:
> + <para>
> + We recommend using the <option>-W</option>, <option>--pwprompt</option>,
> + or <option>--pwfile</option> flags to assign a password to the database
> + superuser, and to override the <filename>pg_hba.conf</filename> default
> + generation using <option>-auth-local peer</option> for local connections,
> + and <option>-auth-host scram-sha-256</option> for remote connections. See
> + <xref linkend="client-authentication"/> for more information on client
> + authentication methods.
> + </para>
As discussed on hackers, we are not ready to support scram-sha-256 out
of the box. So this advice, or any similar advice elsewhere, would need
to recommend "md5" as the setting --- which would probably be embarrassing.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services