From: | PG Bug reporting form <noreply(at)postgresql(dot)org> |
---|---|
To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
Cc: | meirav(dot)rath(at)imperva(dot)com |
Subject: | BUG #15035: scram-sha-256 blocks all logins |
Date: | 2018-01-29 15:20:21 |
Message-ID: | 151723922191.1238.12656996435976596418@wrigleys.postgresql.org |
Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 15035
Logged by: Meirav Rath
Email address: meirav(dot)rath(at)imperva(dot)com
PostgreSQL version: 10.0
Operating system: windows server 2012 R2
Description:
Hi,
I'm trying to set up the new SCRAM-SHA-256 authentication method. The only
problem is that the moment I set this in both postgresql.conf and
pg_hba.conf I can no longer log in with any user, and so I can't create new
users with passwords that are compatible.
Here's what pg_hba.conf looks like:
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
host all all 0.0.0.0/0 scram-sha-256
host all postgres 0.0.0.0/0 md5
And here's what postgresql.conf looks like:
#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------
# - Connection Settings -
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
#unix_socket_directories = '' # comma-separated list of directories
# (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
# (change requires restart)
#bonjour = off # advertise server via Bonjour
# (change requires restart)
#bonjour_name = '' # defaults to the computer name
# (change requires restart)
# - Security and Authentication -
#authentication_timeout = 1min # 1s-600s
#ssl = off
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
#ssl_dh_params_file = ''
#ssl_cert_file = 'server.crt'
#ssl_key_file = 'server.key'
#ssl_ca_file = ''
#ssl_crl_file = ''
password_encryption = scram-sha-256
#db_user_namespace = off
#row_security = on
# GSSAPI using Kerberos
#krb_server_keyfile = ''
#krb_caseins_users = off
# - TCP Keepalives -
# see "man 7 tcp" for details
#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds;
# 0 selects the system default
#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds;
# 0 selects the system default
#tcp_keepalives_count = 0 # TCP_KEEPCNT;
# 0 selects the system default
Please advise.
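
The following is an added example, not part of the original report or of PostgreSQL's code. PostgreSQL examines pg_hba.conf records in order and uses the first one that matches, with no fall-through; the sketch applies that rule to the `host` records posted above. The function names and the sample client addresses are constructed for illustration, and matching is simplified to `all` and exact names.

```python
import ipaddress

# The host records from the pg_hba.conf in the report (comments removed).
HBA = """\
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
host all all 0.0.0.0/0 scram-sha-256
host all postgres 0.0.0.0/0 md5
"""

def parse(text):
    """Return (lineno, database, user, network, method) for each host record."""
    records = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) == 5 and fields[0] == "host":
            _, db, user, addr, method = fields
            records.append((n, db, user, ipaddress.ip_network(addr), method))
    return records

def covers(pattern, value, db=False):
    """True if a database/user field matches; database 'all' excludes replication."""
    if pattern == value:
        return True
    return pattern == "all" and not (db and value == "replication")

def first_match(records, db, user, client_ip):
    """Return the first record matching the connection, or None (rejected)."""
    ip = ipaddress.ip_address(client_ip)
    for rec in records:
        _, rdb, ruser, net, _ = rec
        if covers(rdb, db, db=True) and covers(ruser, user) and ip in net:
            return rec
    return None

def shadowed(records):
    """Return (later, earlier) line pairs where the later record is never reached."""
    out = []
    for j, (n, db, user, net, _) in enumerate(records):
        for m, edb, euser, enet, _ in records[:j]:
            if (covers(edb, db, db=True) and covers(euser, user)
                    and enet.version == net.version and net.subnet_of(enet)):
                out.append((n, m))
                break
    return out
```

For a remote IPv4 connection as `postgres`, `first_match` returns the `scram-sha-256` record, and `shadowed` reports that the final `postgres ... md5` record is covered by the record before it.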