Re: sunsetting md5 password support
Greg Sabino Mullane <htamfids@gmail.com>
From: Greg Sabino Mullane <htamfids@gmail.com>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: pgsql-hackers@postgresql.org
Date: 2024-10-09T20:31:01Z
Lists: pgsql-hackers
Big +1 to the idea, but it's not going to be pretty; there is a lot of baked-in MD5 stuff around. > 2. In v19, allow upgrading with MD5 passwords and allow authenticating > with them, but disallow creating new ones (i.e., restrict/remove > password_encryption and don't allow setting pre-hashed MD5 passwords). > Certainly not remove it, that would break lots of things. Perhaps one release with a strong warning when md5 is used, that cannot be disabled, then disallow new ones? > 3. In v20, allow upgrading with MD5 passwords, but disallow using them > for authentication. Again, maybe a release that complains real loudly but still allows it? > 4. In v21, disallow upgrading with MD5 passwords. You mean having pg_upgrade refuse to go on? Or maybe have it empty the passwords out? Cheers, Greg
Commits
-
Deprecate MD5 passwords.
- db6a4a985bc0 18.0 landed