On Tue, Jun 18, 2019 at 10:33 PM Peter Eisentraut <peter.eisentr...@2ndquadrant.com> wrote: > > On 2019-05-23 18:54, Peter Eisentraut wrote: > > To recap, the idea here was to change the default authentication methods > > that initdb sets up, in place of "trust". > > > > I think the ideal scenario would be to use "peer" for local and some > > appropriate password method (being discussed elsewhere) for host.
I'm also personally all for that change. > Patch for that attached. Patch applies and compiles cleanly, same for documentation. The change works as intended, so I don't have much to say. > Note that with this change, running initdb without arguments will now > error on those platforms: You need to supply either a password or select > a different default authentication method. Should we make this explicitly stated in the documentation? As a reference, it's saying: The default client authentication setup is such that users can connect over the Unix-domain socket to the same database user name as their operating system user names (on operating systems that support this, which are most modern Unix-like systems, but not Windows) and otherwise with a password. To assign a password to the initial database superuser, use one of initdb's -W, --pwprompt or -- pwfile options.