On Thu, May 23, 2019, 18:54 Peter Eisentraut < peter.eisentr...@2ndquadrant.com> wrote:
> On 2019-04-06 20:08, Noah Misch wrote: > >>> I think we should just change the defaults. There is a risk of warning > >>> fatigue. initdb does warn about this, so anyone who cared could have > >>> gotten the information. > >>> > >> > >> I've been suggesting that for years, so definite strong +1 for doing > that. > > > > +1 > > To recap, the idea here was to change the default authentication methods > that initdb sets up, in place of "trust". > > I think the ideal scenario would be to use "peer" for local and some > appropriate password method (being discussed elsewhere) for host. > > Looking through the buildfarm, I gather that the only platforms that > don't support peer are Windows, AIX, and HP-UX. I think we can probably > figure out some fallback or alternative default for the latter two > platforms without anyone noticing. But what should the defaults be on > Windows? It doesn't have local sockets, so the lack of peer wouldn't > matter. But is it OK to default to a password method, or would that > upset people particularly? > I'm sure password would be fine there. It's what "everybody else" does (well sqlserver also cord integrated security, but people are used to it). /Magnus
