Re: initdb recommendations

Noah Misch <noah@leadboat.com>

From: Noah Misch <noah@leadboat.com>
To: Magnus Hagander <magnus@hagander.net>
Cc: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>, "Jonathan S. Katz" <jkatz@postgresql.org>
Date: 2019-05-24T15:23:57Z
Lists: pgsql-hackers, pgsql-docs
On Thu, May 23, 2019 at 06:56:49PM +0200, Magnus Hagander wrote:
> On Thu, May 23, 2019, 18:54 Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
> > To recap, the idea here was to change the default authentication methods
> > that initdb sets up, in place of "trust".
> >
> > I think the ideal scenario would be to use "peer" for local and some
> > appropriate password method (being discussed elsewhere) for host.
> >
> > Looking through the buildfarm, I gather that the only platforms that
> > don't support peer are Windows, AIX, and HP-UX.  I think we can probably
> > figure out some fallback or alternative default for the latter two
> > platforms without anyone noticing.  But what should the defaults be on
> > Windows?  It doesn't have local sockets, so the lack of peer wouldn't
> > matter.  But is it OK to default to a password method, or would that
> > upset people particularly?
> 
> I'm sure password would be fine there. It's what "everybody else" does
> (well sqlserver also cord integrated security, but people are used to it).

Our sspi auth is a more-general version of peer auth, and it works over TCP.
It would be a simple matter of programming to support "peer" on Windows,
consisting of sspi auth with an implicit pg_ident map.  Nonetheless, I agree
password would be fine.



Commits

  1. initdb: Change authentication defaults