search

yugabyte / yugabyte-db

YugabyteDB - the cloud native distributed SQL database for mission-critical applications.
https://www.yugabyte.com
Other
8.93k stars 1.06k forks source link

Add YSQL flag for setting password encryption #5385

Open stevebang opened 4 years ago

stevebang commented 4 years ago

Jira Link: DB-1539 To use the SCRAM-SHA-256 authentication method for encrypting passwords and authenticating connections, users currently must use the --ysql_pg_conf flag to set password_encryption to scram-sha-256. We should add a flag, perhaps --ysql_password_encryption, so that YSQL users can manage YSQL authentication. YugabyteDB supports only MD5 (the default) and SCRAM-SHA-256 encryption, this could be simplified further by creating a flag like --ysql_use_scram-sha-256 or --ysql_enable_scram+authentication.

stevebang commented 4 years ago

Another consideration would be to make SCRAM-SHA-256 the default — see the issue filed recently by @iSignal: https://github.com/yugabyte/yugabyte-db/issues/4138.

nocaway commented 4 years ago

@stevebang If we add a flag, it should be "ysql_default_password_encryption". Users can set it to what they want, but factory default setting is MD5.