On 4/8/19 8:44 AM, Magnus Hagander wrote:
> On Mon, Apr 8, 2019 at 2:41 PM Jonathan S. Katz <jk...@postgresql.org
> <mailto:jk...@postgresql.org>> wrote:
>
>     On 4/8/19 8:25 AM, Peter Eisentraut wrote:
>     > On 2019-04-05 18:11, Jonathan S. Katz wrote:
>     >> +  <para>
>     >> +   We recommend using the <option>-W</option>, <option>--pwprompt</option>,
>     >> +   or <option>--pwfile</option> flags to assign a password to the database
>     >> +   superuser, and to override the <filename>pg_hba.conf</filename> default
>     >> +   generation using <option>-auth-local peer</option> for local connections,
>     >> +   and <option>-auth-host scram-sha-256</option> for remote connections. See
>     >> +   <xref linkend="client-authentication"/> for more information on client
>     >> +   authentication methods.
>     >> +  </para>
>     >
>     > As discussed on hackers, we are not ready to support scram-sha-256 out
>     > of the box. So this advice, or any similar advice elsewhere, would need
>     > to recommend "md5" as the setting --- which would probably be embarrassing.
>
>     Well, it's less embarrassing than trust, and we currently state:
>
>
> Yes. Much less.
>
>
>     "Also, specify -A md5 or -A password so that the default trust
>     authentication mode is not used"[1]
>
>     We could also modify it to say :
>
>     "and <option>-auth-host scram-sha-256</option> for remote connections if
>     your client supports it, otherwise <option>-auth-host md5</option>"
>
>
> That would be the best from a correctness, but if of course also makes
> things sound more complicated. I'm not sure where the right balance is
> there.
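Review bot: the new paragraph writes the initdb options as `<option>-auth-local peer</option>` and `<option>-auth-host scram-sha-256</option>` with a single leading dash, while `<option>--pwprompt</option>` and `<option>--pwfile</option>` two lines earlier use two; initdb's long options are `--auth-local` and `--auth-host`, so the hunk should read `<option>--auth-local peer</option>` and `<option>--auth-host scram-sha-256</option>` (and the same fix applies to the `-auth-host md5` wording proposed further down).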
We could link here[1] from the docs on the line for "client supports it"

Jonathan

[1] https://wiki.postgresql.org/wiki/List_of_drivers
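As an added illustration (not part of this thread and not PostgreSQL project code), the following Python script audits a `pg_hba.conf` for the `trust` default the thread wants the docs to steer people away from, and flags `md5` host lines as the weaker fallback that is only tolerated for clients without SCRAM support. The file content is a constructed sample; the method names and column layout are those of `pg_hba.conf`, and the script assumes addresses are written in CIDR form (one field).

```python
"""Audit a pg_hba.conf for the weak 'trust' default and md5 fallbacks."""
from typing import Dict, List

# Constructed sample input (not from any real installation). The first three
# records mirror the shape of the file initdb writes when no -A/--auth-* option
# is given; the last two are added remote entries.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             all                                     trust
host    all             all             127.0.0.1/32            trust
host    all             all             ::1/128                 trust
host    all             all             10.0.0.0/8              md5
hostssl all             all             0.0.0.0/0               scram-sha-256
"""

# What the thread proposes initdb should be told to generate.
PREFERRED_LOCAL = "peer"
PREFERRED_HOST = "scram-sha-256"
HOST_FALLBACK = "md5"   # tolerated only for clients without SCRAM support


def parse_pg_hba(text: str) -> List[Dict[str, str]]:
    """Split pg_hba.conf into records. 'local' lines have no ADDRESS column;
    every other connection type (host, hostssl, hostnossl, ...) has one.
    Assumption: addresses are written in CIDR form, so they occupy one field."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if fields[0] == "local":
            if len(fields) < 4:
                continue      # malformed; the server itself would reject it
            conn_type, database, user, method = fields[:4]
            address = ""
        else:
            if len(fields) < 5:
                continue
            conn_type, database, user, address, method = fields[:5]
        records.append({"line": str(lineno), "type": conn_type,
                        "database": database, "user": user,
                        "address": address, "method": method})
    return records


def audit(text: str) -> List[str]:
    """Return one finding per record that is weaker than the thread's advice."""
    findings = []
    for rec in parse_pg_hba(text):
        where = rec["address"] or "unix socket"
        method = rec["method"]
        if method == "trust":
            better = PREFERRED_LOCAL if rec["type"] == "local" else PREFERRED_HOST
            findings.append(f"line {rec['line']}: {rec['type']} {where} uses trust "
                            f"(no authentication at all); use {better}")
        elif rec["type"] != "local" and method == HOST_FALLBACK:
            findings.append(f"line {rec['line']}: {rec['type']} {where} uses md5; "
                            f"prefer {PREFERRED_HOST} if the client supports it")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PG_HBA):
        print(finding)
```

Run against a real file with `audit(open("/path/to/pg_hba.conf").read())`; an empty result means every record already uses `peer` locally and `scram-sha-256` for host connections, which is the configuration the proposed doc text asks initdb users to generate with `--auth-local` and `--auth-host`.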