On 19/12/2025 17:14, Fujii Masao wrote:
On Fri, Dec 19, 2025 at 5:53 PM John Naylor <[email protected]> wrote:
On Thu, Dec 18, 2025 at 2:31 PM Mikael Gustavsson
<[email protected]> wrote:
This patch updates some examples in documentation client-auth.sgml from md5 to
scram-sha-256
Reference:
https://www.postgresql.org/message-id/176595607507.978865.11597773194269211255%40wrigleys.postgresql.org
Pushed and backpatched to PG18, thanks!
This change made me wonder whether we should also update the
pg_hba.conf examples
in high-availability.sgml and logical-replication.sgml. I've attached
a patch for that. Thoughts?
+1
Let's update this example in createuser.sgml too while we're at it:
<para>
To create the user <literal>joe</literal> as a superuser,
and assign a password immediately:
<screen>
<prompt>$ </prompt><userinput>createuser -P -s -e joe</userinput>
<computeroutput>Enter password for new role:
</computeroutput><userinput>xyzzy</userinput>
<computeroutput>Enter it again: </computeroutput><userinput>xyzzy</userinput>
<computeroutput>CREATE ROLE joe PASSWORD 'md5b5f5ba1a423792b526f799ae4eb3d59e'
SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN;</computeroutput>
</screen>
In the above example, the new password isn't actually echoed when typed,
but we show what was typed for clarity. As you see, the password is
encrypted before it is sent to the client.
</para>
I get this output for that command now:
$ createuser -P -s -e joe
Enter password for new role:
Enter it again:
SELECT pg_catalog.set_config('search_path', '', false);
CREATE ROLE joe PASSWORD
'SCRAM-SHA-256$4096:vrJL1JVwK9VyDQ+XmGk2lg==$K32pX1bdFx3J+LeBcFpUOmaBnIUIduAexL+ufLYz/MI=:O6gxeGemIC3wbqEWMZXKAMOnQ5A1hM07nEu7KeSrEiE='
SUPERUSER CREATEDB CREATEROLE INHERIT LOGIN NOREPLICATION NOBYPASSRLS;
- Heikki
