On Mon, Apr 22, 2019 at 09:52:15AM -0400, Stephen Frost wrote:
> I recall having exactly that debate when SCRAM was being worked on and
> the push-back basically being that it was more work and we'd have to
> have additional syntax for ALTER USER, et al. I wish I had had more
> time to spend on that discussion. Water under the bridge now, but
> hopefully we learn from this and maybe someone refactors how this works
> sometime soon (or, at least, whenever we add the next password
> encoding).
I am not sure that this would have been more work for ALTER TABLE as
we could have relied on just password_encryption to do the work as we
do now. The reluctance was to have more additional columns in
pg_authid as far as I recall, and I sided with having a separate
catalog, and more independent verifier type checks in the catalogs, as
you may recall, which would have also eased password rollups for a
given role.
--
Michael