Index: bin/initdb/initdb.c
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/bin/initdb/initdb.c,v
retrieving revision 1.44
diff -c -r1.44 initdb.c
*** bin/initdb/initdb.c	19 Jul 2004 02:47:12 -0000	1.44
--- bin/initdb/initdb.c	22 Jul 2004 18:06:03 -0000
***************
*** 88,93 ****
--- 88,94 ----
  char	   *username = "";
  bool		pwprompt = false;
  char       *pwfilename = NULL;
+ char       *authmethod = "";
  bool		debug = false;
  bool		noclean = false;
  bool		show_setting = false;
***************
*** 119,124 ****
--- 120,135 ----
  int			n_buffers = 50;
  
  /*
+  * Warning messages for authentication methods
+  */
+ char *authtrust_warning =											\
+ 	"# CAUTION: Configuring the system for local \"trust\" authentication allows\n"
+ 	"# any local user to connect as any PostgreSQL user, including the database\n"
+ 	"# superuser. If you do not trust all your local users, use another\n"
+ 	"# authenication method.\n";
+ char *authwarning = NULL;
+ 
+ /*
   * Centralized knowledge of switches to pass to backend
   *
   * Note: in the shell-script version, we also passed PGDATA as a -D switch,
***************
*** 1114,1120 ****
  							  "host    all         all         ::1",
  							  "#host    all         all         ::1");
  #endif
! 
  	snprintf(path, sizeof(path), "%s/pg_hba.conf", pg_data);
  
  	writefile(path, conflines);
--- 1125,1140 ----
  							  "host    all         all         ::1",
  							  "#host    all         all         ::1");
  #endif
! 	
! 	/* Replace default authentication methods */
! 	conflines = replace_token(conflines,
! 							 "@authmethod@",
! 							  authmethod);
! 	
! 	conflines = replace_token(conflines,
! 							  "@authcomment@",
! 							  strcmp(authmethod,"trust") ? "" : authtrust_warning);
! 		
  	snprintf(path, sizeof(path), "%s/pg_hba.conf", pg_data);
  
  	writefile(path, conflines);
***************
*** 1971,1976 ****
--- 1991,1997 ----
  			 "                            in the respective category (default taken from\n"
  			 "                            environment)\n"));
  	printf(_("  --no-locale               equivalent to --locale=C\n"));
+ 	printf(_("  -A, --auth=method         default authentication method for local connections\n"));
  	printf(_("  -U, --username=NAME       database superuser name\n"));
  	printf(_("  -W, --pwprompt            prompt for a password for the new superuser\n"));
  	printf(_("  --pwfile=filename         read password for the new superuser from file\n"));
***************
*** 2004,2009 ****
--- 2025,2031 ----
  		{"lc-time", required_argument, NULL, 6},
  		{"lc-messages", required_argument, NULL, 7},
  		{"no-locale", no_argument, NULL, 8},
+ 		{"auth", required_argument, NULL, 'A'}, 
  		{"pwprompt", no_argument, NULL, 'W'},
  		{"pwfile", required_argument, NULL, 9},
  		{"username", required_argument, NULL, 'U'},
***************
*** 2052,2061 ****
  
  	/* process command-line options */
  
! 	while ((c = getopt_long(argc, argv, "dD:E:L:nU:W", long_options, &option_index)) != -1)
  	{
  		switch (c)
  		{
  			case 'D':
  				pg_data = xstrdup(optarg);
  				break;
--- 2074,2086 ----
  
  	/* process command-line options */
  
! 	while ((c = getopt_long(argc, argv, "dD:E:L:nU:WA:", long_options, &option_index)) != -1)
  	{
  		switch (c)
  		{
+ 			case 'A':
+ 				authmethod = xstrdup(optarg);
+ 				break;
  			case 'D':
  				pg_data = xstrdup(optarg);
  				break;
***************
*** 2136,2141 ****
--- 2161,2197 ----
  		fprintf(stderr, _("%s: you cannot specify both password prompt and password file\n"), progname);
  		exit(1);
  	}
+ 	
+ 	if (authmethod == NULL || !strlen(authmethod))
+ 	{
+ 		authwarning = _("\nWARNING: enabling \"trust\" authentication for local connections.\n You can change this by editing pg_hba.conf or using the -A flag next time you use initdb.\n");
+ 		authmethod="trust";
+ 	}
+ 
+ 	if (strcmp(authmethod,"md5") &&
+ 		strcmp(authmethod,"ident") && 
+ 		strncmp(authmethod,"ident ",6) && /* ident with space = param */
+ 		strcmp(authmethod,"trust") &&
+ #ifdef USE_PAM
+ 		strcmp(authmethod,"pam") &&
+ 		strncmp(authmethod,"pam ",4) && /* pam with space = param */
+ #endif
+ 		strcmp(authmethod,"crypt") &&
+ 		strcmp(authmethod,"password")
+ 		)
+ 		/* Kerberos methods not listed because they are not supported
+ 		 * over local connections and are rejected in hba.c */
+ 	{
+ 		fprintf(stderr, _("%s: unknown authentication method \"%s\".\n"), progname, authmethod);
+ 		exit(1);
+ 	}
+ 
+ 	if ((!strcmp(authmethod,"md5") || !strcmp(authmethod,"crypt") || !strcmp(authmethod,"password")) &&
+ 		!(pwprompt || pwfilename))
+ 	{
+ 		fprintf(stderr, _("%s: you need to specify a password for the superuser to enable %s authentication.\n"), progname, authmethod);
+ 		exit(1);
+ 	}
  
  	if (strlen(pg_data) == 0)
  	{
***************
*** 2449,2454 ****
--- 2505,2513 ----
  
  	make_template0();
  
+ 	if (authwarning != NULL)
+ 		fprintf(stderr, authwarning);
+ 
  	printf(_("\nSuccess. You can now start the database server using:\n\n"
  		   "    %s%s%s/postmaster -D %s%s%s\n"
  		   "or\n"
Index: backend/libpq/pg_hba.conf.sample
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/pg_hba.conf.sample,v
retrieving revision 1.48
diff -c -r1.48 pg_hba.conf.sample
*** backend/libpq/pg_hba.conf.sample	25 Dec 2003 03:44:05 -0000	1.48
--- backend/libpq/pg_hba.conf.sample	15 Jul 2004 20:45:00 -0000
***************
*** 48,67 ****
  # Put your actual configuration here
  # ----------------------------------
  #
- # CAUTION: The default configuration allows any local user to connect
- # using any PostgreSQL user name, including the superuser, over either
- # Unix-domain sockets or TCP/IP.  If you are on a multiple-user
- # machine, the default configuration is probably too liberal for you.
- # Change it to use something other than "trust" authentication.
- #
  # If you want to allow non-local connections, you need to add more
  # "host" records.  Also, remember TCP/IP connections are only enabled
  # if you enable "tcpip_socket" in postgresql.conf.
  
  # TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
  
! local   all         all                                             trust
  # IPv4-style local connections:
! host    all         all         127.0.0.1         255.255.255.255   trust
  # IPv6-style local connections:
! host    all         all         ::1/128                             trust
--- 48,63 ----
  # Put your actual configuration here
  # ----------------------------------
  #
  # If you want to allow non-local connections, you need to add more
  # "host" records.  Also, remember TCP/IP connections are only enabled
  # if you enable "tcpip_socket" in postgresql.conf.
  
+ @authcomment@
+ 
  # TYPE  DATABASE    USER        IP-ADDRESS        IP-MASK           METHOD
  
! local   all         all                                             @authmethod@
  # IPv4-style local connections:
! host    all         all         127.0.0.1         255.255.255.255   @authmethod@
  # IPv6-style local connections:
! host    all         all         ::1/128                             @authmethod@