Greetings,

* Jonathan S. Katz (jk...@postgresql.org) wrote:
> On 5/24/19 8:33 AM, Stephen Frost wrote:
> > We need to provide better documentation about how to get from md5 to
> > SCRAM, in my view. I'm not sure where that should live, exactly.
> > I really wish we had put more effort into making the migration easy to
> > do over a period of time, and we might actually have to do that before
> > the packagers would be willing to make that change.
>
> +100...I think we should do this regardless, and I was already thinking
> of writing something up around it. I would even suggest that we have
> said password upgrade documentation backpatched to 10.

Not sure that backpatching is necessary, but I'm not actively against it.

What I was really getting at though was the ability to have multiple authenticator tokens active concurrently (eg: md5 AND SCRAM), with an ability to use either one (idk, md5_or_scram auth method?), and then automatically set both on password change until everything is using SCRAM and then remove all MD5 stuff. Or something along those lines. In other words, I'm talking about new development work to ease the migration (while also providing some oft asked about features, like the ability to do rolling passwords...).

Thanks,

Stephen