Re: add warning upon successful md5 password auth

Nathan Bossart <nathandbossart@gmail.com>

From: Nathan Bossart <nathandbossart@gmail.com>
To: Andreas Karlsson <andreas@proxel.se>
Cc: pgsql-hackers@postgresql.org, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2026-02-17T17:05:38Z
Lists: pgsql-hackers

Attachments

On Tue, Feb 17, 2026 at 07:08:17AM +0100, Andreas Karlsson wrote:
> After thinking more on the subject I have come around. I think warning spam
> (that can be disabled) is fine and why not introduce it directly in 19?

WFM

> As for the patch itself I think it looks good, but I am not a fan of the
> test code. Why not simply write like the below?
> 
> 	test_conn($node, 'user=md5_role', 'md5', 0,
> 		log_like =>
> 		  [qr/connection authenticated: identity="md5_role" method=md5/],
> 		expected_stderr =>
> 		  [qr/authenticated with an MD5-encrypted password/])

No good reason.  I've updated the patch.

-- 
nathan

Commits

  1. Warn upon successful MD5 password authentication.

  2. Add password expiration warnings.