On 03/14/2017 04:47 AM, Tom Lane wrote:
> Robert Haas <robertmh...@gmail.com> writes:
>> I'm not talking about changing the default, just having it be possible
>> to use \password with the new system as it was with the old, whatever
>> exactly we think that means.
>
> Seems to me the intended behavior of \password is to use the best
> available practice.  So my guess is that it ought to use SCRAM when
> talking to a >= 10.0 server.  What the previous password was ought
> to be irrelevant, even if it could find that out which it shouldn't
> be able to IMO.

If the server isn't set up to do SCRAM authentication, i.e. there are no "scram" entries in pg_hba.conf, and you set yourself a SCRAM verifier, you have just locked yourself out of the system. I think that's a non-starter. There needs to be some more intelligence in the decision.

It would be a lot more sensible, if there was a way to specify in pg_hba.conf, "scram-or-md5". We punted on that for PostgreSQL 10, but perhaps we should try to cram that in, after all.

- Heikki


