On Sat, Jul 13, 2019 at 2:44 PM Peter Eisentraut <peter.eisentr...@2ndquadrant.com> wrote: > > On 2019-07-11 21:34, Julien Rouhaud wrote: > >> Note that with this change, running initdb without arguments will now > >> error on those platforms: You need to supply either a password or select > >> a different default authentication method. > > Should we make this explicitly stated in the documentation? As a > > reference, it's saying: > > > > The default client authentication setup is such that users can connect > > over the Unix-domain socket to the same database user name as their > > operating system user names (on operating systems that support this, > > which are most modern Unix-like systems, but not Windows) and > > otherwise with a password. To assign a password to the initial > > database superuser, use one of initdb's -W, --pwprompt or -- pwfile > > options. > > Do you have a suggestion for where to put this and exactly how to phrase > this? > > I think the initdb reference page would be more appropriate than > runtime.sgml.
Yes initdb.sgml seems more suitable. I was thinking something very similar to your note, maybe like (also attached if my MUA ruins it): diff --git a/doc/src/sgml/ref/initdb.sgml b/doc/src/sgml/ref/initdb.sgml index c47b9139eb..764cf737c7 100644 --- a/doc/src/sgml/ref/initdb.sgml +++ b/doc/src/sgml/ref/initdb.sgml @@ -143,6 +143,15 @@ PostgreSQL documentation connections. </para> + <note> + <para> + Running initdb without arguments on platforms lacking + <literal>peer</literal> or Unix-domain socket connections will exit + with an error. On such environments, you need to either provide a + password or choose a different authentication method. + </para> + </note> + <para> Do not use
diff --git a/doc/src/sgml/ref/initdb.sgml b/doc/src/sgml/ref/initdb.sgml index c47b9139eb..764cf737c7 100644 --- a/doc/src/sgml/ref/initdb.sgml +++ b/doc/src/sgml/ref/initdb.sgml @@ -143,6 +143,15 @@ PostgreSQL documentation connections. </para> + <note> + <para> + Running initdb without arguments on platforms lacking + <literal>peer</literal> or Unix-domain socket connections will exit + with an error. On such environments, you need to either provide a + password or choose a different authentication method. + </para> + </note> + <para> Do not use <literal>trust</literal> unless you trust all local users on your system.