| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | akada shigeki <zz5s-akd(at)asahi-net(dot)or(dot)jp>, pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: BUG #16672: Postgres user passwords are corrupted during migration |
| Date: | 2020-10-15 16:46:38 |
| Message-ID: | 20201015164638.GE3797@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Wed, Oct 14, 2020 at 09:07:31PM -0400, Tom Lane wrote:
> "akada shigeki" <zz5s-akd(at)asahi-net(dot)or(dot)jp> writes:
> > solved.
> > I was able to restore by changing SCRAM-SHA-256 in HBA.Conf to MD5.
> > Does this mean that PSQL doesn't support SHA-256 encryption?
>
> No, it means if you want to use SCRAM authentication then you need the
> password that's stored in pg_authid to be hashed with SCRAM. The password
> you carried forward from v12 evidently isn't. (Again, look into pg_authid
> to confirm that.)
>
> Do this, in either v12 or v13, to update the password:
>
> set password_encryption to "scram-sha-256";
> alter user postgres with password 'clear text password here';
>
> The system cannot do this for you because there's no way to recover
> the cleartext password from the md5 hash.
I am surprised we don't get more problem reports about this.
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EnterpriseDB https://enterprisedb.com
The usefulness of a cup is in its emptiness, Bruce Lee
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Munro | 2020-10-15 23:54:32 | Re: BUG #16663: DROP INDEX did not free up disk space: idle connection hold file marked as deleted |
| Previous Message | Alvaro Herrera | 2020-10-15 15:19:59 | Re: BUG #16577: Segfault on altering a table located in a dropped tablespace |