Re: sunsetting md5 password support
Laurenz Albe <laurenz.albe@cybertec.at>
From: Laurenz Albe <laurenz.albe@cybertec.at>
To: Tom Lane <tgl@sss.pgh.pa.us>, Jesper Pedersen
<jesper.pedersen@comcast.net>
Cc: Heikki Linnakangas <hlinnaka@iki.fi>, Bruce Momjian <bruce@momjian.us>,
Jelte Fennema-Nio <postgres@jeltef.nl>, Nathan Bossart <nathandbossart@gmail.com>, pgsql-hackers@postgresql.org
Date: 2024-10-11T06:50:49Z
Lists: pgsql-hackers
On Thu, 2024-10-10 at 18:39 -0400, Tom Lane wrote: > Jesper Pedersen <jesper.pedersen@comcast.net> writes: > > On 10/10/24 5:45 PM, Heikki Linnakangas wrote: > > > Note that some authentication methods like LDAP and Radius use > > > "password" authentication on the wire. > > > Please, deprecate - aka remove - old methods. > > All client libraries have caught up, and if they havn't then it their > > issue not Core. > > It's not the libraries that are the problem. It's the users that > want to use these auth methods --- perhaps even are required to > by dubiously-well-thought-out corporate policies. A voice from the field: I know at least one application out there (that is used by more than one customer) that implemented the line protocol by itself, back in the days when "crypt" authentication still existed. So they support "crypt" and "password", and now that PostgreSQL has removed "crypt", the users are stuck with "password"... Actually, that may be a good reason to deprecate "password", because then the vendor might get motivated to remedy that malady. On the other hand, you can expect some protest... Yours, Laurenz Albe
Commits
-
Deprecate MD5 passwords.
- db6a4a985bc0 18.0 landed