v.22.3Improvement
New Settings for Server Configuration: allow_plaintext_password and allow_no_password
A new settings calledallow_plaintext_passwordandallow_no_passwordare added in server configuration which turn on/off authentication types that can be potentially insecure in some environments. They are allowed by default. #34738 (Heena Bansal).
Why it matters
These settings provide administrators with the ability to enable or disable plaintext password and no-password authentication to enhance security in sensitive environments where such methods may pose a risk.How to use it
Configure the server settingsallow_plaintext_password and allow_no_password in the ClickHouse server configuration file. By default, both settings are enabled. To disable insecure authentication methods, set these to false.