Re: scram and \password

Jeff Janes <jeff.janes@gmail.com>

From: Jeff Janes <jeff.janes@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Joe Conway <mail@joeconway.com>, Heikki Linnakangas <hlinnaka@iki.fi>, Robert Haas <robertmhaas@gmail.com>, Michael Paquier <michael.paquier@gmail.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2017-03-14T20:48:49Z
Lists: pgsql-hackers
On Tue, Mar 14, 2017 at 8:40 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:

> Joe Conway <mail@joeconway.com> writes:
>
> > I was also thinking about that. Basically a primary method and a
> > fallback. If that were the case, a gradual transition could happen, and
> > if we want \password to enforce best practice it would be ok.
>
> Why exactly would anyone want "md5 only"?  I should think that "scram
> only" is a sensible pg_hba setting, if the DBA feels that md5 is too
> insecure, but I do not see the point of "md5 only" in 2017.  I think
> we should just start interpreting that as "md5 or better".
>

Without md5-only, a user who uses \password to change their password from a
newer client would lock themselves out of connecting again from older
clients.  As a conscious decision (either of the DBA or the user) that
would be OK, but to have it happen by default would be unfortunate.

Cheers,

Jeff

Commits

  1. Add PQencryptPasswordConn function to libpq, use it in psql and createuser.

  2. Allow SCRAM authentication, when pg_hba.conf says 'md5'.