diff options
Diffstat (limited to 'src/backend')
| -rw-r--r-- | src/backend/commands/user.c | 2 | ||||
| -rw-r--r-- | src/backend/utils/misc/guc.c | 11 | ||||
| -rw-r--r-- | src/backend/utils/misc/postgresql.conf.sample | 2 |
3 files changed, 3 insertions, 12 deletions
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index 1ef00d6e895..9ce9a669218 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -43,7 +43,7 @@ Oid binary_upgrade_next_pg_authid_oid = InvalidOid; /* GUC parameter */ -int Password_encryption = PASSWORD_TYPE_MD5; +int Password_encryption = PASSWORD_TYPE_SCRAM_SHA_256; /* Hook to check passwords in CreateRole() and AlterRole() */ check_password_hook_type check_password_hook = NULL; diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 17c15348efc..28b2fc72d64 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -463,18 +463,9 @@ static const struct config_enum_entry plan_cache_mode_options[] = { {NULL, 0, false} }; -/* - * password_encryption used to be a boolean, so accept all the likely - * variants of "on", too. "off" used to store passwords in plaintext, - * but we don't support that anymore. - */ static const struct config_enum_entry password_encryption_options[] = { {"md5", PASSWORD_TYPE_MD5, false}, {"scram-sha-256", PASSWORD_TYPE_SCRAM_SHA_256, false}, - {"on", PASSWORD_TYPE_MD5, true}, - {"true", PASSWORD_TYPE_MD5, true}, - {"yes", PASSWORD_TYPE_MD5, true}, - {"1", PASSWORD_TYPE_MD5, true}, {NULL, 0, false} }; @@ -4733,7 +4724,7 @@ static struct config_enum ConfigureNamesEnum[] = NULL }, &Password_encryption, - PASSWORD_TYPE_MD5, password_encryption_options, + PASSWORD_TYPE_SCRAM_SHA_256, password_encryption_options, NULL, NULL, NULL }, diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample index ac02bd0c00a..3a25287a391 100644 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -88,7 +88,7 @@ # - Authentication - #authentication_timeout = 1min # 1s-600s -#password_encryption = md5 # md5 or scram-sha-256 +#password_encryption = scram-sha-256 # scram-sha-256 or md5 #db_user_namespace = off # GSSAPI using Kerberos |