Am 28.05.21 um 18:31 schrieb Nikhil Shetty:
> Hi,
>
> Thank you for your feedback Jonathan, Laurenz and Holger. I am
> thinking of using the below approach which will give users more
> control of when to change "application-user" password.
>
> Is there any drawback if the user uses below steps to change their
> password?
>
> 1. alter user set password_encryption to 'scram-sha-256' 2. In a new
> session, users can change their passwords
>
> Finally, once all users have changed password, set password_encryption
> at instance level, make changes in pg_hba and reload.
>
> To use the same password as before, we can do "alter user <username>
> password <oldpassword>", so this will change to scram-sha-256 but no
> changes in application code.
>
> Thanks and Regards,
> Nikhil
>
Yes, that's exactly the way to go.
--
Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012