On 2020-05-20 16:57, Stephen Frost wrote:
> Greetings,
>
> * Peter Eisentraut (peter.eisentraut@2ndquadrant.com) wrote:
>> Sorry, I should have been more clear. The upstream default of the GUC
>> parameter "password_encryption" is md5.
>
> Which, really, is pretty broken when we're going to be having our
> packagers setting up pg_hba.conf to use scram- at the *very* least it's
> ridiculously misleading because we're going to have SCRAM in pg_hba.conf
> but passwords actually stored as md5 and therefore we won't be getting
> the benefits from SCRAM auth (though it should still work, of course,
> since the SCRAM mode will fall back to working with an md5 password).
Devrim's commit to pgrpms did include a change to the default setting of
password_encryption, so it appears to be correct as far as it goes.
But this leads to other questions, like, what should pg_upgrade do?
These discussions should be had, but perhaps not on the RPM packaging
list the night before the release.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services