>> Using a clear text password would not be acceptable for users even >> through an encrypted connection, I think. > > Really, I don't think users who are concerned with security should be > using the md5 method either.
The comment in pg_hba.conf.sample seem to prefer md5 over clear text password. # Note that "password" sends passwords in clear text; "md5" or # "scram-sha-256" are preferred since they send encrypted passwords. > What would be really nice for such cases is support for Kerberos and > delegated Kerberos credentials. Having pgpool support that would remove > the need to deal with passwords at all. > > Ditto for having postgres_fdw support same. More often than not, > Kerberos deployments (via AD, generally) is what I find in the > enterprises that I work with and they're happy to see we have Kerberos > but it's disappointing when they can't use Kerberos with either > connection poolers or with FDWs. I would add supporting Kerberos to the Pgpool-II todo list. Best regards, -- Tatsuo Ishii SRA OSS, Inc. Japan English: http://www.sraoss.co.jp/index_en.php Japanese:http://www.sraoss.co.jp -- Sent via pgsql-hackers mailing list (firstname.lastname@example.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers