Re: sunsetting md5 password support

Nathan Bossart <nathandbossart@gmail.com>

From: Nathan Bossart <nathandbossart@gmail.com>
To: Andrew Dunstan <andrew@dunslane.net>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Heikki Linnakangas <hlinnaka@iki.fi>, pgsql-hackers@postgresql.org
Date: 2024-10-11T21:36:27Z
Lists: pgsql-hackers

Attachments

On Fri, Oct 11, 2024 at 09:47:58AM -0400, Andrew Dunstan wrote:
> On 2024-10-10 Th 6:28 PM, Tom Lane wrote:
>> On the whole I agree with Heikki's comment that we should just
>> do it (disallow MD5, full stop) whenever we feel that enough
>> time has passed.  These intermediate states are mostly going to
>> add headaches.  Maybe we could do something with an intermediate
>> release that just emits warnings, without any feature changes.
> 
> I also agree with this.

Here is a first attempt at a patch for marking MD5 passwords as deprecated.
It's quite bare-bones at the moment, so I anticipate future revisions will
add more content.  Besides sprinkling several deprecation notices
throughout the documentation, this patch teaches CREATE ROLE and ALTER ROLE
to emit warnings when setting MD5 passwords.  A new GUC named
md5_password_warnings can be set to "off" to disable these warnings.  I
considered adding even more warnings (e.g., when authenticating), but I
felt that would be far too noisy.

-- 
nathan

Commits

  1. Deprecate MD5 passwords.