From: Noah Misch Date: Fri, 18 Jul 2014 20:05:17 +0000 (-0400) Subject: Limit pg_upgrade authentication advice to always-secure techniques. X-Git-Tag: REL9_5_ALPHA1~1709 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=85f95739ec0c2d9c6afb10d9a0b42732191fbbde;p=postgresql Limit pg_upgrade authentication advice to always-secure techniques. ~/.pgpass is a sound choice everywhere, and "peer" authentication is safe on every platform it supports. Cease to recommend "trust" authentication, the safety of which is deeply configuration-specific. Back-patch to 9.0, where pg_upgrade was introduced. --- diff --git a/doc/src/sgml/pgupgrade.sgml b/doc/src/sgml/pgupgrade.sgml index afb2ff4fbb..b5267b69d8 100644 --- a/doc/src/sgml/pgupgrade.sgml +++ b/doc/src/sgml/pgupgrade.sgml @@ -288,10 +288,9 @@ make prefix=/usr/local/pgsql.new install Adjust authentication - pg_upgrade will connect to the old and new servers several times, - so you might want to set authentication to trust - or peer in pg_hba.conf, or if using - md5 authentication, use a ~/.pgpass file + pg_upgrade will connect to the old and new servers several + times, so you might want to set authentication to peer + in pg_hba.conf or use a ~/.pgpass file (see ). @@ -406,10 +405,9 @@ pg_upgrade.exe Restore <filename>pg_hba.conf</> - If you modified pg_hba.conf to use trust, - restore its original authentication settings. It might also be - necessary to adjust other configurations files in the new cluster to - match the old cluster, e.g. postgresql.conf. + If you modified pg_hba.conf, restore its original settings. + It might also be necessary to adjust other configuration files in the new + cluster to match the old cluster, e.g. postgresql.conf.