From: | Holger Jakobs <holger(at)jakobs(dot)com> |
---|---|
To: | pgsql-admin(at)lists(dot)postgresql(dot)org |
Subject: | Re: Upgrading password encryption from md5 to scram-sh-256 |
Date: | 2021-05-29 08:10:05 |
Message-ID: | 8eb90d2f-2a3f-8da8-a03e-124105156678@jakobs.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin |
Am 28.05.21 um 18:31 schrieb Nikhil Shetty:
> Hi,
>
> Thank you for your feedback Jonathan, Laurenz and Holger. I am
> thinking of using the below approach which will give users more
> control of when to change "application-user" password.
>
> Is there any drawback if the user uses below steps to change their
> password?
>
> 1. alter user set password_encryption to 'scram-sha-256' 2. In a new
> session, users can change their passwords
>
> Finally, once all users have changed password, set password_encryption
> at instance level, make changes in pg_hba and reload.
>
> To use the same password as before, we can do "alter user <username>
> password <oldpassword>", so this will change to scram-sha-256 but no
> changes in application code.
>
> Thanks and Regards,
> Nikhil
>
Yes, that's exactly the way to go.
--
Holger Jakobs, Bergisch Gladbach, Tel. +49-178-9759012
From | Date | Subject | |
---|---|---|---|
Next Message | mustafa.pekgoz | 2021-05-29 11:54:18 | Postgresql SET DEADLOCK_PRIORITY |
Previous Message | Yambu | 2021-05-29 04:33:24 | Re: insert into table |