Greetings,
* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > * Magnus Hagander (magnus@hagander.net) wrote:
> >> On Fri, May 22, 2020 at 4:13 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> >>> Peter Eisentraut <peter.eisentraut@2ndquadrant.com> writes:
> >>>> We didn't get anywhere with making the default authentication method in
> >>>> a source build anything other than trust.
>
> > I'm +1 on moving the default for password_encryption to be
> > scram. Even better would be changing the pg_hba.conf default, but I
> > think we still have concerns about that having problems with the
> > regression tests and the buildfarm.
>
> As far as that last goes, we *did* get the buildfarm fixed to be all
> v11 scripts, so I thought we were ready to move forward on trying
> 09f08930f again. It's too late to consider that for v13, but
> perhaps it'd be reasonable to change the SCRAM default now? Not sure.
I feel like it is. I'm not even sure that I agree that it's really too
late to consider 09f08930f considering that's it's a pretty minor code
change and the up-side to that is having reasonable defaults out of the
box, as it were, something we have *long* been derided for.
> Post-beta1 isn't the best time for such things.
It'd be good to be consistent about this between the packagers and the
source builds, imv, and we don't tend to think about that until we have
packages being built and distributed and used and that ends up being
post-beta1. If we want that changed then we should go back to having
alphas..
In general though, I'm reasonably comfortable with changing of default
values post beta1. I do appreciate that not everyone would agree with
that, but with all the effort that's put into getting everything working
with SCRAM, it'd be a real shame to keep md5 as the default for yet
another year and a half..
Thanks,
Stephen