Change default of password_encryption to scram-sha-256

Also, the legacy values on/true/yes/1 for password_encryption that mapped to md5 are removed. The only valid values are now scram-sha-256 and md5. Reviewed-by: Jonathan S. Katz <jkatz@postgresql.org> Discussion: https://www.postgresql.org/message-id/flat/d5b0ad33-7d94-bdd1-caac-43a1c782cab2%402ndquadrant.com
2025-07-27 12:41:57 +03:00 · 2020-06-10 16:16:37 +02:00
parent 5a4ada71a8
commit c7eab0e97e
7 changed files with 23 additions and 31 deletions
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@ -1013,11 +1013,11 @@ include_dir 'conf.d'
      <listitem>
       <para>
        When a password is specified in <xref linkend="sql-createrole"/> or
-        <xref linkend="sql-alterrole"/>, this parameter determines the algorithm
-        to use to encrypt the password. The default value is <literal>md5</literal>,
-        which stores the password as an MD5 hash (<literal>on</literal> is also
-        accepted, as alias for <literal>md5</literal>). Setting this parameter to
-        <literal>scram-sha-256</literal> will encrypt the password with SCRAM-SHA-256.
+        <xref linkend="sql-alterrole"/>, this parameter determines the
+        algorithm to use to encrypt the password.  Possible values are
+        <literal>scram-sha-256</literal>, which will encrypt the password with
+        SCRAM-SHA-256, and <literal>md5</literal>, which stores the password
+        as an MD5 hash.  The default is <literal>scram-sha-256</literal>.
       </para>
       <para>
        Note that older clients might lack support for the SCRAM authentication