Re: initdb recommendations
Julien Rouhaud <rjuju123@gmail.com>
From: Julien Rouhaud <rjuju123@gmail.com>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>,
Noah Misch <noah@leadboat.com>, Magnus Hagander <magnus@hagander.net>,
"Jonathan S. Katz" <jkatz@postgresql.org>
Date: 2019-07-11T19:34:25Z
Lists: pgsql-hackers, pgsql-docs
On Tue, Jun 18, 2019 at 10:33 PM Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote: > > On 2019-05-23 18:54, Peter Eisentraut wrote: > > To recap, the idea here was to change the default authentication methods > > that initdb sets up, in place of "trust". > > > > I think the ideal scenario would be to use "peer" for local and some > > appropriate password method (being discussed elsewhere) for host. I'm also personally all for that change. > Patch for that attached. Patch applies and compiles cleanly, same for documentation. The change works as intended, so I don't have much to say. > Note that with this change, running initdb without arguments will now > error on those platforms: You need to supply either a password or select > a different default authentication method. Should we make this explicitly stated in the documentation? As a reference, it's saying: The default client authentication setup is such that users can connect over the Unix-domain socket to the same database user name as their operating system user names (on operating systems that support this, which are most modern Unix-like systems, but not Windows) and otherwise with a password. To assign a password to the initial database superuser, use one of initdb's -W, --pwprompt or -- pwfile options.
Commits
-
initdb: Change authentication defaults
- 09f08930f0f6 13.0 landed