Re: initdb recommendations
Jonathan S. Katz <jkatz@postgresql.org>
From: "Jonathan S. Katz" <jkatz@postgresql.org>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>,
pgsql-hackers <pgsql-hackers@postgresql.org>
Cc: Noah Misch <noah@leadboat.com>, Magnus Hagander <magnus@hagander.net>
Date: 2019-05-23T22:47:04Z
Lists: pgsql-hackers, pgsql-docs
On 5/23/19 12:54 PM, Peter Eisentraut wrote: > On 2019-04-06 20:08, Noah Misch wrote: >>>> I think we should just change the defaults. There is a risk of warning >>>> fatigue. initdb does warn about this, so anyone who cared could have >>>> gotten the information. >>>> >>> >>> I've been suggesting that for years, so definite strong +1 for doing that. >> >> +1 > > To recap, the idea here was to change the default authentication methods > that initdb sets up, in place of "trust". > > I think the ideal scenario would be to use "peer" for local and some > appropriate password method (being discussed elsewhere) for host. +1. > Looking through the buildfarm, I gather that the only platforms that > don't support peer are Windows, AIX, and HP-UX. I think we can probably > figure out some fallback or alternative default for the latter two > platforms without anyone noticing. But what should the defaults be on > Windows? It doesn't have local sockets, so the lack of peer wouldn't > matter. But is it OK to default to a password method, or would that > upset people particularly? +1 for password method. Definitely better than trust :) Jonathan
Commits
-
initdb: Change authentication defaults
- 09f08930f0f6 13.0 landed