Re: sunsetting md5 password support
Nathan Bossart <nathandbossart@gmail.com>
From: Nathan Bossart <nathandbossart@gmail.com>
To: Andrew Dunstan <andrew@dunslane.net>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Heikki Linnakangas <hlinnaka@iki.fi>, pgsql-hackers@postgresql.org
Date: 2024-10-16T15:30:11Z
Lists: pgsql-hackers
Attachments
- v2-0001-Deprecate-MD5-passwords.patch (text/plain)
On Fri, Oct 11, 2024 at 04:36:27PM -0500, Nathan Bossart wrote: > Here is a first attempt at a patch for marking MD5 passwords as deprecated. > It's quite bare-bones at the moment, so I anticipate future revisions will > add more content. Besides sprinkling several deprecation notices > throughout the documentation, this patch teaches CREATE ROLE and ALTER ROLE > to emit warnings when setting MD5 passwords. A new GUC named > md5_password_warnings can be set to "off" to disable these warnings. I > considered adding even more warnings (e.g., when authenticating), but I > felt that would be far too noisy. In v2, I've added an entry for the new md5_password_warnings GUC to the documentation, and I've simplified the passwordcheck test changes a bit. -- nathan
Commits
-
Deprecate MD5 passwords.
- db6a4a985bc0 18.0 landed