On 3/3/22 12:23 PM, Bruce Momjian wrote:
> On Thu, Mar 3, 2022 at 10:45:42AM +0100, Peter Eisentraut wrote:
>> On 02.03.22 16:45, Jonathan S. Katz wrote:
>>> By that argument, we should have kept "password" (plain) as an authentication method.
>> For comparison, the time between adding md5 and removing password was 16 years. It has been 5 years since scram was added.
> Uh, when did we remove "password". I still see it mentioned in pg_hba.conf. Am I missing something?
I may have explained this wrong. The protocol still supports "plain" but we removed the ability to store passwords in plaintext:
"Remove the ability to store unencrypted passwords on the server"

The password_encryption server parameter no longer supports off or plain. The UNENCRYPTED option is no longer supported in CREATE/ALTER USER ... PASSWORD. Similarly, the --unencrypted option has been removed from createuser. Unencrypted passwords migrated from older versions will be stored encrypted in this release. The default setting for password_encryption is still md5."
Jonathan

[1] https://www.postgresql.org/docs/release/10.0/
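The message above separates two things: the `password` authentication method in pg_hba.conf (what goes over the wire) and the format in which the server stores passwords. The following Python sketch audits both; it is an added example, not part of the thread or of PostgreSQL's code. The sample pg_hba.conf text and role values are constructed, the function names are hypothetical, and the parser assumes unquoted fields.

```python
import ipaddress
import re

# Constructed sample inputs (not taken from the thread).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS          METHOD
local   all       all                    peer
host    all       all   10.0.0.0/8       password
host    all       all   192.168.1.0 255.255.255.0 md5
hostssl all       all   0.0.0.0/0        scram-sha-256
"""
# Role name -> value as it would appear in pg_authid.rolpassword (constructed).
SAMPLE_ROLES = {
    "alice": "md5" + "0" * 32,
    "bob": "SCRAM-SHA-256$4096:c2FsdA==$c3RvcmVk:c2VydmVy",
    "carol": None,
}

def _is_bare_ip(addr):
    """True when ADDRESS is an IP without /prefix, so a netmask field follows."""
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:
        return False

def hba_methods(text):
    """Yield (line_no, conn_type, method) for each pg_hba.conf record."""
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # assumes no quoted '#'
        if not fields or fields[0].startswith("include"):
            continue
        if fields[0] == "local":
            idx = 3  # local records have no ADDRESS field
        else:
            idx = 5 if _is_bare_ip(fields[3]) else 4
        yield no, fields[0], fields[idx]

def stored_format(rolpassword):
    """Classify how a password is stored on the server."""
    if rolpassword is None:
        return "none"
    if re.fullmatch(r"md5[0-9a-f]{32}", rolpassword):
        return "md5"
    if rolpassword.startswith("SCRAM-SHA-256$"):
        return "scram-sha-256"
    return "unrecognized"

def audit(hba_text, roles):
    """Report cleartext-on-the-wire HBA records and roles still stored as md5."""
    wire = [(no, t) for no, t, m in hba_methods(hba_text) if m == "password"]
    md5_roles = sorted(r for r, p in roles.items() if stored_format(p) == "md5")
    return {"cleartext_on_wire": wire, "md5_at_rest": md5_roles}
```
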