Re: Password Encryption and Connection Issues
| От | Ron Johnson |
|---|---|
| Тема | Re: Password Encryption and Connection Issues |
| Дата | |
| Msg-id | CANzqJaC2zgNWzizoXLHS6EOmKOOezq3Rnd9WvJZ2rB7-__=OEA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Password Encryption and Connection Issues (Greg Sabino Mullane <htamfids@gmail.com>) |
| Ответы |
Re: Password Encryption and Connection Issues
Re: Password Encryption and Connection Issues |
| Список | pgsql-general |
On Wed, Jul 9, 2025 at 10:59 AM Greg Sabino Mullane <htamfids@gmail.com> wrote:
On Wed, Jul 9, 2025 at 9:57 AM Alpaslan AKDAĞ <alpaslanakdag@gmail.com> wrote:Is it expected behavior that users created withscram-sha-256passwords can still connect viamd5inpg_hba.conf?Yes. From the docs:To ease transition from themd5method to the newer SCRAM method, ifmd5is specified as a method inpg_hba.confbut the user's password on the server is encrypted for SCRAM (see below), then SCRAM-based authentication will automatically be chosen instead.You can think of "md5" inside pg_hba.conf as "md5 or better"As a result, some users are able to connect, while others cannot.Can you expand on this? Nothing you have done should be preventing logins, as far as I can tell.Best solution: Upgrade everyone to scram, then change md5 to scram in pg_hba.conf and never look back.
That requires setting the password to null and then recreating the password, no? Otherwise IIRC, changing an md5 password leaves the new password also in md5 format.
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
В списке pgsql-general по дате отправления: