Re: sunsetting md5 password support

Greg Sabino Mullane <htamfids@gmail.com>

From: Greg Sabino Mullane <htamfids@gmail.com>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: Jim Nasby <jnasby@upgrade.com>, Andrew Dunstan <andrew@dunslane.net>, Tom Lane <tgl@sss.pgh.pa.us>, Heikki Linnakangas <hlinnaka@iki.fi>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2024-11-20T15:56:11Z
Lists: pgsql-hackers
On Tue, Nov 19, 2024 at 8:55 PM Nathan Bossart <nathandbossart@gmail.com>
wrote:

> * Expand the documentation.  Perhaps we could add a step-by-step guide
> for migrating to SCRAM-SHA-256 since more users will need to do so when
> MD5 password support is removed.
> * Remove the hint.  It's arguably doing little more than pointing out the
> obvious, and it doesn't actually tell users where in the documentation
> to look for this information, anyway.
>

I think both ideally, but maybe just the hint removal for this patch?

On the other hand, "change your password and update pg_hba.conf" is pretty
much all you need, so not sure how detailed we want to get. :)

Cheers,
Greg

Commits

  1. Deprecate MD5 passwords.