From: Noah Misch Date: Fri, 18 Jul 2014 20:05:17 +0000 (-0400) Subject: Limit pg_upgrade authentication advice to always-secure techniques. X-Git-Tag: REL9_2_9~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9cef05e0f53933ab54a99224fcba5ab2abf2b8a8;p=thirdparty%2Fpostgresql.git Limit pg_upgrade authentication advice to always-secure techniques. ~/.pgpass is a sound choice everywhere, and "peer" authentication is safe on every platform it supports. Cease to recommend "trust" authentication, the safety of which is deeply configuration-specific. Back-patch to 9.0, where pg_upgrade was introduced. --- diff --git a/doc/src/sgml/pgupgrade.sgml b/doc/src/sgml/pgupgrade.sgml index c628b49d8b1..2a3844984fb 100644 --- a/doc/src/sgml/pgupgrade.sgml +++ b/doc/src/sgml/pgupgrade.sgml @@ -280,10 +280,9 @@ gmake prefix=/usr/local/pgsql.new install Adjust authentication - pg_upgrade will connect to the old and new servers several times, - so you might want to set authentication to trust - or peer in pg_hba.conf, or if using - md5 authentication, use a ~/.pgpass file + pg_upgrade will connect to the old and new servers several + times, so you might want to set authentication to peer + in pg_hba.conf or use a ~/.pgpass file (see ). @@ -390,10 +389,9 @@ pg_upgrade.exe Restore <filename>pg_hba.conf</> - If you modified pg_hba.conf to use trust, - restore its original authentication settings. It might also be - necessary to adjust other configurations files in the new cluster to - match the old cluster, e.g. postgresql.conf. + If you modified pg_hba.conf, restore its original settings. + It might also be necessary to adjust other configuration files in the new + cluster to match the old cluster, e.g. postgresql.conf.