Re: [HACKERS] whats the deal with -u ?

2007-12-11 Thread Kevin Grittner
On Sun, Dec 9, 2007 at 6:37 PM, in message
[EMAIL PROTECTED], Alvaro Herrera
[EMAIL PROTECTED] wrote:

> I have never understood what's the point of having an option to force a
> password prompt.  I wonder why don't we deprecate -W?
 
I occasionally find it useful for situations where I have a .pgpass
entry which would normally cover a database, but I have temporarily
changed the password to prevent conflicting usage during maintenance
or testing.  (For example, while borrowing a machine which is
normally part of the production load for a series of benchmarks
under the beta release.)
 
There would be other ways to deal with it if this were gone, but
it is convenient.
 
-Kevin
 



---(end of broadcast)---
TIP 5: don't forget to increase your free space map settings


Re: [HACKERS] whats the deal with -u ?

2007-12-10 Thread Peter Eisentraut
On Monday, 10 December 2007, Tom Lane wrote:
> Joshua D. Drake [EMAIL PROTECTED] writes:
> > As I recall there was a bug under very specific circumstances that a
> > password prompt would not appear. Thus we added the option for -W.
>
> I don't see any evidence for that theory in the CVS logs ..
> Peter seems to have invented -W out of whole cloth.

Way back when, there was no way to set the user name on the psql command line.  
The only way was to use the option -u and type it in.  (Well, you could set 
PGUSER, but that's obviously not quite fun.)  But -u also forced a password 
prompt, even if you didn't need a password.  So the functionality of the -u 
option was split into the -U and -W options.  The only difference is that -U 
does not prompt, but I don't think anyone wants to argue that prompting is 
better than what -U does.  Note that we don't have a way to prompt for host 
name, database name, etc., and shell scripting this functionality is trivial.

Way back when, psql moreover did not have the capability to automatically 
recognize when a password would be required.  That is, if you did not specify 
one, authentication would simply fail and psql would abort.  If you were 
aware that a password would be required, then the only ways to supply it 
would be to set PGPASSWORD (which is obviously not quite fun) or use the -u 
option, which would also prompt you for a user name, even if you did not want 
to specify one.  So the functionality of the -u option was split into the -U 
and -W options.  -W does exactly half of what -u used to do.

The functionality to automatically recognize when a password would be required 
and prompt was added later (or perhaps around the same time) but it was 
considered a hack (it was a string comparison of the error message).  It has 
obviously worked out quite well anyway.  I believe the documentation of 
the -W option has for its entire lifetime said that it should normally not 
be necessary.

So as far as I can tell, the available options -U and -W serve all the 
existing use cases.  I would have no issue with getting rid of the -W option 
if someone wants to take responsibility for ensuring that it will really 
never be necessary.  I see no technical or usability merit in reviving the -u 
option.  I hope the above explanations have shed some light on that.

-- 
Peter Eisentraut
http://developer.postgresql.org/~petere/



Re: [HACKERS] whats the deal with -u ?

2007-12-10 Thread Stephen Frost
* Peter Eisentraut ([EMAIL PROTECTED]) wrote:
> So as far as I can tell, the available options -U and -W serve all the
> existing use cases.  I would have no issue with getting rid of the -W option
> if someone wants to take responsibility for ensuring that it will really
> never be necessary.  I see no technical or usability merit in reviving the -u
> option.  I hope the above explanations have shed some light on that.

I think getting rid of -W would cause a problem w/ PAM in some instances
since, iirc, PG will try PAM w/o a password first and only prompt if it
doesn't work.  That's pretty ugly if you're using things like pam_tally
to limit the number of bad attempts allowed.  (This is entirely
empirical, it's possible there's some other explanation for what's
happening, but I recall having to use -W to get PG to not cause PAM to
make noises in my auth.log...).

Thanks,

Stephen




Re: [HACKERS] whats the deal with -u ?

2007-12-10 Thread Tom Lane
Stephen Frost [EMAIL PROTECTED] writes:
> * Peter Eisentraut ([EMAIL PROTECTED]) wrote:
> > So as far as I can tell, the available options -U and -W serve all the
> > existing use cases.  I would have no issue with getting rid of the -W option
> > if someone wants to take responsibility for ensuring that it will really
> > never be necessary.  I see no technical or usability merit in reviving the -u
> > option.  I hope the above explanations have shed some light on that.
>
> I think getting rid of -W would cause a problem w/ PAM in some instances
> since, iirc, PG will try PAM w/o a password first and only prompt if it
> doesn't work.

I'm not very interested in trying to get rid of -W; it's documented,
it's orthogonal to all other switches, and we can see at least some
marginal use-cases for it.

However, I think we should either get rid of -u or find a way to
un-deprecate it.  Right now, it's undocumented and as far as I can see
the main effect of having it is to cause confusion such as that which
started this thread.

On the whole I'm in favor of removing it.  It's been undocumented for
long enough that no one could really complain if it disappears.
Further down the road, those whose notion of intuitive was formed
by mysql might lobby to have -u become an alternate spelling for -U,
but that obviously can't happen until the switch has actually been
gone for a few releases.

regards, tom lane



Re: [HACKERS] whats the deal with -u ?

2007-12-10 Thread Stephen Frost
* Tom Lane ([EMAIL PROTECTED]) wrote:
> However, I think we should either get rid of -u or find a way to
> un-deprecate it.  Right now, it's undocumented and as far as I can see
> the main effect of having it is to cause confusion such as that which
> started this thread.
>
> On the whole I'm in favor of removing it.  It's been undocumented for
> long enough that no one could really complain if it disappears.

I agree that it'd be best to remove it and I don't think it'll cause
problems for it to go away.

Thanks,

Stephen




Re: [HACKERS] whats the deal with -u ?

2007-12-10 Thread Tom Lane
Stephen Frost [EMAIL PROTECTED] writes:
> * Tom Lane ([EMAIL PROTECTED]) wrote:
> > However, I think we should either get rid of -u or find a way to
> > un-deprecate it.  Right now, it's undocumented and as far as I can see
> > the main effect of having it is to cause confusion such as that which
> > started this thread.
> >
> > On the whole I'm in favor of removing it.  It's been undocumented for
> > long enough that no one could really complain if it disappears.
>
> I agree that it'd be best to remove it and I don't think it'll cause
> problems for it to go away.

I dug around a bit more and realized that pg_dump and pg_restore have
the same -u switch with the same behavior.  Theirs are likewise
undocumented, but they don't print the annoying deprecation notice
when it's used.

The use-case for a prompt for username seems even less for these two
programs than for psql, so I doubt that removing the switch is likely
to break any existing usage.

Barring objections, I'll remove all three tomorrow.

regards, tom lane



Re: [HACKERS] whats the deal with -u ?

2007-12-10 Thread Robert Treat
On Monday 10 December 2007 10:16, Tom Lane wrote:
> Further down the road, those whose notion of intuitive was formed
> by mysql might lobby to have -u become an alternate spelling for -U,

crontab, truss, sudo, ps, strace, top, etc... 

-- 
Robert Treat
Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL



[HACKERS] whats the deal with -u ?

2007-12-09 Thread Robert Treat
[EMAIL PROTECTED]:~$  ~rob/devel/postgresql/83/bin/psql -h localhost -u rob -p 
5483]
psql: Warning: The -u option is deprecated. Use -U.
User name: rob
Password for user  :
Welcome to psql 8.3beta2, the PostgreSQL interactive terminal.

1) I don't recall why -u was ever deprecated (and honestly postgresql is the 
only program I know which uses -U rather than -u) but maybe we should revert 
to -u and deprecate -U instead?

2) in any case, if you use -u for some reason it messes up the Password for 
user   line. In my terminal it gives me a square which doesn't show up in my 
email, but in any case is there some reason it can't print out the proper 
user name (maybe some encoding issue?)

3) as far back as I can remember, -u has been deprecated, so if we don't want 
to revert to it (see 1) maybe it should just be removed entirely? 

-- 
Robert Treat
Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL



Re: [HACKERS] whats the deal with -u ?

2007-12-09 Thread Joshua D. Drake

Robert Treat wrote:

> [EMAIL PROTECTED]:~$  ~rob/devel/postgresql/83/bin/psql -h localhost -u rob -p 
> 5483]
> psql: Warning: The -u option is deprecated. Use -U.
> User name: rob
> Password for user  :
> Welcome to psql 8.3beta2, the PostgreSQL interactive terminal.
>
> 1) I don't recall why -u was ever deprecated (and honestly postgresql is the 
> only program I know which uses -U rather than -u) but maybe we should revert 
> to -u and deprecate -U instead?
>
> 2) in any case, if you use -u for some reason it messes up the Password for 
> user   line. In my terminal it gives me a square which doesn't show up in my 
> email, but in any case is there some reason it can't print out the proper 
> user name (maybe some encoding issue?)
>
> 3) as far back as I can remember, -u has been deprecated, so if we don't want 
> to revert to it (see 1) maybe it should just be removed entirely? 


As I recall -u actually used a different mechanism to authenticate 
versus -U. In fact I think it was a security hole that changed it but it 
was a LONG time ago.


I would agree that one or the other needs to be removed. Unfortunately 
-U has been the way it is for several releases now so I can't see us 
going back to -u regardless of how logical it may be.


Joshua D. Drake





Re: [HACKERS] whats the deal with -u ?

2007-12-09 Thread Tom Lane
Robert Treat [EMAIL PROTECTED] writes:
> 1) I don't recall why -u was ever deprecated (and honestly postgresql is the 
> only program I know which uses -U rather than -u) but maybe we should revert 
> to -u and deprecate -U instead?

You appear to think that -u and -U are supposed to be equivalent.
You are incorrect.  -u forces prompts for username and password.

regards, tom lane



Re: [HACKERS] whats the deal with -u ?

2007-12-09 Thread Robert Treat
On Sunday 09 December 2007 13:33, Tom Lane wrote:
> Robert Treat [EMAIL PROTECTED] writes:
> > 1) I don't recall why -u was ever deprecated (and honestly postgresql is
> > the only program I know which uses -U rather than -u) but maybe we should
> > revert to -u and deprecate -U instead?
>
> You appear to think that -u and -U are supposed to be equivalent.
> You are incorrect.  -u forces prompts for username and password.


Ah, you're right, I didn't realize that (probably because nothing in the 
warnings seems to indicate that).  However I think all of my questions still 
remain valid, if not becoming even further reinforced:

[EMAIL PROTECTED]:~$ ~rob/devel/postgresql/83/bin/psql -h localhost -u -p 5483
psql: Warning: The -u option is deprecated. Use -U.

If I wanted to prompt for a username, why is it telling me to use -U? If 
we've deemed that's not a valid behavior to want, see questions 1, 2 & 3 from 
upthread :-)

-- 
Robert Treat
Build A Brighter LAMP :: Linux Apache {middleware} PostgreSQL



Re: [HACKERS] whats the deal with -u ?

2007-12-09 Thread Tom Lane
I don't remember why it's deprecated.  These days it seems to use the
same prompting mechanism as we use for passwords, so hopefully there
is no security risk.  Maybe it should be un-deprecated?  I'd tend to
take out the forced password prompt if we did, though.

regards, tom lane



Re: [HACKERS] whats the deal with -u ?

2007-12-09 Thread Tom Lane
I wrote:
> I don't remember why it's deprecated.

Some trawling of the CVS logs shows that the deprecation notice was
added by Peter here:

2000-01-14 17:18  petere

* doc/src/sgml/ref/psql-ref.sgml, src/bin/psql/command.c,
src/bin/psql/command.h, src/bin/psql/common.c,
src/bin/psql/common.h, src/bin/psql/copy.c, src/bin/psql/copy.h,
src/bin/psql/describe.c, src/bin/psql/describe.h,
src/bin/psql/help.c, src/bin/psql/help.h, src/bin/psql/input.c,
src/bin/psql/input.h, src/bin/psql/large_obj.c,
src/bin/psql/large_obj.h, src/bin/psql/mainloop.c,
src/bin/psql/mainloop.h, src/bin/psql/prompt.c,
src/bin/psql/prompt.h, src/bin/psql/settings.h,
src/bin/psql/startup.c: Fixed psql variables vs array syntax, as
well as minor psql enhancements

but I failed to find any discussion about the reason in the archives.
Peter?

regards, tom lane



Re: [HACKERS] whats the deal with -u ?

2007-12-09 Thread Gregory Stark
Tom Lane [EMAIL PROTECTED] writes:

> I don't remember why it's deprecated.

The manual explains it:

-u

Forces psql to prompt for the user name and password before connecting to
the database.

This option is deprecated, as it is conceptually flawed. (Prompting for a
non-default user name and prompting for a password because the server
requires it are really two different things.) You are encouraged to look
at the -U and -W options instead.


-- 
  Gregory Stark
  EnterpriseDB  http://www.enterprisedb.com
  Ask me about EnterpriseDB's 24x7 Postgres support!



Re: [HACKERS] whats the deal with -u ?

2007-12-09 Thread Tom Lane
Gregory Stark [EMAIL PROTECTED] writes:
> Tom Lane [EMAIL PROTECTED] writes:
> > I don't remember why it's deprecated.
>
> The manual explains it:
> This option is deprecated, as it is conceptually flawed. (Prompting for a
> non-default user name and prompting for a password because the server
> requires it are really two different things.) You are encouraged to look
> at the -U and -W options instead.

Hmm.  The point about the forced password prompt is certainly valid,
but I see nothing wrong with the idea of having an option to prompt
for the username.  What if we just took out the forced password prompt,
on the grounds that you can get that with -u -W if you want it?

regards, tom lane



Re: [HACKERS] whats the deal with -u ?

2007-12-09 Thread Alvaro Herrera
Tom Lane wrote:
> Gregory Stark [EMAIL PROTECTED] writes:
>
> > The manual explains it:
> > This option is deprecated, as it is conceptually flawed. (Prompting for a
> > non-default user name and prompting for a password because the server
> > requires it are really two different things.) You are encouraged to look
> > at the -U and -W options instead.
>
> Hmm.  The point about the forced password prompt is certainly valid,
> but I see nothing wrong with the idea of having an option to prompt
> for the username.  What if we just took out the forced password prompt,
> on the grounds that you can get that with -u -W if you want it?

Yes, undeprecating it then makes sense.

I have never understood what's the point of having an option to force a
password prompt.  I wonder why don't we deprecate -W?

-- 
Alvaro Herrera  http://www.advogato.org/person/alvherre
Everyone is who they are, and goes down the stairs however they like (JMSerrat)



Re: [HACKERS] whats the deal with -u ?

2007-12-09 Thread Tom Lane
Alvaro Herrera [EMAIL PROTECTED] writes:
> I have never understood what's the point of having an option to force a
> password prompt.  I wonder why don't we deprecate -W?

It's not *completely* useless, because you only need one connection
attempt not two --- normally, psql gets rejected once before figuring
out that it must ask for a password.  You can imagine scenarios with
slow internet connections, or a badly overloaded database, where it
might be worth the keystrokes to type -W.

OTOH, you can also avoid the two-attempts syndrome with a ~/.pgpass
file.

On balance I'm not for deprecating it, but pointing out that it's
normally useless doesn't seem out of line...

regards, tom lane
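
The behaviour discussed in this thread, as a simplified model added here (it is not PostgreSQL source code and not from any poster): -W prompts before the first attempt, a ~/.pgpass match is sent without prompting even if it is stale, and with neither the client is rejected once and then prompts. The function names, sample entries and the precedence shown (prompt, then PGPASSWORD, then .pgpass) are this example's assumptions.

```python
# Simplified model (not PostgreSQL source) of where psql gets a password
# and how many connection attempts that costs. All data below is constructed.

SAMPLE_PGPASS = """\
# host:port:database:user:password  (constructed sample entries)
db1.example.internal:5432:bench:kevin:old-secret
*:*:*:kevin:fallback\\:pw
"""

def split_pgpass_line(line):
    """Split into 5 fields on unescaped ':'; a backslash escapes the next char."""
    fields, cur, i = [], "", 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur, i = cur + line[i + 1], i + 2
            continue
        if ch == ":" and len(fields) < 4:
            fields.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    return fields + [cur]

def pgpass_lookup(text, host, port, db, user):
    """First matching line wins; '*' in any of the first four fields matches all."""
    wanted = (host, str(port), db, user)
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = split_pgpass_line(line)
        if len(fields) == 5 and all(p in ("*", w) for p, w in zip(fields, wanted)):
            return fields[4]
    return None

def plan_connection(force_prompt, env_pw, pgpass_pw, typed_pw, server_pw):
    """Return (attempts, prompted, source, connected).

    force_prompt models -W; server_pw=None models a server that asks for no
    password. Assumed precedence: prompt, then PGPASSWORD, then .pgpass.
    """
    if force_prompt:
        source, pw = "prompt", typed_pw
    elif env_pw is not None:
        source, pw = "PGPASSWORD", env_pw
    elif pgpass_pw is not None:
        source, pw = ".pgpass", pgpass_pw
    else:
        source, pw = "none", None
    if server_pw is None or pw == server_pw:
        return (1, force_prompt, source, True)
    if pw is None:
        # Rejected for lack of a password: prompt, then connect a second time.
        return (2, True, "prompt", typed_pw == server_pw)
    # A stored password was sent and refused: no prompt, no retry.
    return (1, force_prompt, source, False)

if __name__ == "__main__":
    stale = pgpass_lookup(SAMPLE_PGPASS, "db1.example.internal", 5432, "bench", "kevin")
    # Password temporarily changed on the server; .pgpass still has the old one.
    print("no -W, stale .pgpass:", plan_connection(False, None, stale, "temp", "temp"))
    print("-W, stale .pgpass:   ", plan_connection(True, None, stale, "temp", "temp"))
    print("no -W, no .pgpass:   ", plan_connection(False, None, None, "temp", "temp"))
```

The second element of each result shows whether a prompt happened and the first how many authentication attempts the server saw, which is the count that matters when failed attempts are logged or rate-limited.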



Re: [HACKERS] whats the deal with -u ?

2007-12-09 Thread Joshua D. Drake

Alvaro Herrera wrote:

> Tom Lane wrote:
>
> > Gregory Stark [EMAIL PROTECTED] writes:
> >
> > > The manual explains it:
> > > This option is deprecated, as it is conceptually flawed. (Prompting for a
> > > non-default user name and prompting for a password because the server
> > > requires it are really two different things.) You are encouraged to look
> > > at the -U and -W options instead.
> >
> > Hmm.  The point about the forced password prompt is certainly valid,
> > but I see nothing wrong with the idea of having an option to prompt
> > for the username.  What if we just took out the forced password prompt,
> > on the grounds that you can get that with -u -W if you want it?
>
> Yes, undeprecating it then makes sense.
>
> I have never understood what's the point of having an option to force a
> password prompt.  I wonder why don't we deprecate -W?


As I recall there was a bug under very specific circumstances that a 
password prompt would not appear. Thus we added the option for -W.


Sincerely,

Joshua D. Drake





Re: [HACKERS] whats the deal with -u ?

2007-12-09 Thread Gregory Stark
Tom Lane [EMAIL PROTECTED] writes:

> Alvaro Herrera [EMAIL PROTECTED] writes:
> > I have never understood what's the point of having an option to force a
> > password prompt.  I wonder why don't we deprecate -W?
>
> It's not *completely* useless, because you only need one connection
> attempt not two --- normally, psql gets rejected once before figuring
> out that it must ask for a password.

Hm, I wonder if this fixes one of the annoyances of kerberos support. If you
have kerberos tickets psql uses the principal name from them rather than your
unix username. If you don't actually use kerberos authentication for your
postgres server then that means you have to specify the user on the command
line all the time.

Don't actually have a psql built with kerberos authentication handy but I'll
try to remember to test this the next time I do.

-- 
  Gregory Stark
  EnterpriseDB  http://www.enterprisedb.com
  Get trained by Bruce Momjian - ask me about EnterpriseDB's PostgreSQL 
training!



Re: [HACKERS] whats the deal with -u ?

2007-12-09 Thread Alvaro Herrera
Gregory Stark wrote:
> Tom Lane [EMAIL PROTECTED] writes:
>
> > Alvaro Herrera [EMAIL PROTECTED] writes:
> > > I have never understood what's the point of having an option to force a
> > > password prompt.  I wonder why don't we deprecate -W?
> >
> > It's not *completely* useless, because you only need one connection
> > attempt not two --- normally, psql gets rejected once before figuring
> > out that it must ask for a password.
>
> Hm, I wonder if this fixes one of the annoyances of kerberos support. If you
> have kerberos tickets psql uses the principal name from them rather than your
> unix username. If you don't actually use kerberos authentication for your
> postgres server then that means you have to specify the user on the command
> line all the time.

Huh, isn't this solved by just setting PGUSER?  (In any case I doubt -W
has any effect on it.)

-- 
Alvaro Herrera   Valdivia, Chile   ICBM: S 39º 49' 18.1, W 73º 13' 56.4
Life is for those who venture



Re: [HACKERS] whats the deal with -u ?

2007-12-09 Thread Tom Lane
Joshua D. Drake [EMAIL PROTECTED] writes:
> As I recall there was a bug under very specific circumstances that a
> password prompt would not appear. Thus we added the option for -W.

I don't see any evidence for that theory in the CVS logs ..
Peter seems to have invented -W out of whole cloth.

regards, tom lane
