Open stevebang opened 4 years ago
Another consideration would be to make SCRAM-SHA-256 the default — see the issue filed recently by @iSignal: https://github.com/yugabyte/yugabyte-db/issues/4138.
@stevebang If we add a flag, it should be "ysql_default_password_encryption". Users can set it to what they want, but factory default setting is MD5.
Jira Link: DB-1539 To use the SCRAM-SHA-256 authentication method for encrypting passwords and authenticating connections, users currently must use the
--ysql_pg_conf
flag to setpassword_encryption
toscram-sha-256
. We should add a flag, perhaps--ysql_password_encryption
, so that YSQL users can manage YSQL authentication. YugabyteDB supports only MD5 (the default) and SCRAM-SHA-256 encryption, this could be simplified further by creating a flag like--ysql_use_scram-sha-256
or--ysql_enable_scram+authentication
.