> On 14 Nov 2025, at 13:15, Michael Banck <[email protected]> wrote: > On Fri, Nov 14, 2025 at 12:53:41PM +0100, Daniel Gustafsson wrote:
>>> On 14 Nov 2025, at 11:47, Michael Banck <[email protected]> wrote: >>> while looking through postgresql.conf on PG18, I noticed that >>> password_encryption mentions md5 as valid alternative to scram-sha-256. >>> I think it would be useful to mention md5 is deprecated so that people >>> looking at it (but have otherwise not gotten the memo) will realize and >>> hopefully act on it. >> >> No objection. I suspect the overlap between users who don't read release >> notes >> and users who read .conf.sample comments closely is pretty small, but it >> certainly won't hurt. > > I was under the impression (and it is the case on Debian/Ubuntu at > least, but pretty sure also for the RPM-based packaging) that the > content of postgresql.conf.sample was folded into the default > postgresql.conf on instance creation via distribution tools, so I think > people would generally see this (for new instances) if they look around > that part of their config files. Yes. I meant to write .conf but my fingers were faster than my brain and typed the full .conf.sample. Sorry about that. >> -#password_encryption = scram-sha-256 # scram-sha-256 or md5 >> +#password_encryption = scram-sha-256 # scram-sha-256 or (deprecated) md5 >> #scram_iterations = 4096 >> #md5_password_warnings = on >> >> Maybe this should be combined with a comment on md5_password_warnings as >> well? > > Good point, how about the attached? Something like that yes. I'll wait for others to chime in but unless there are objections I think we should go with something like this. -- Daniel Gustafsson
