| From: | Meirav Rath <meirav(dot)rath(at)imperva(dot)com> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>, "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org>, "PG Bug reporting form" <noreply(at)postgresql(dot)org> |
| Subject: | RE: BUG #15035: scram-sha-256 blocks all logins |
| Date: | 2018-01-30 07:56:40 |
| Message-ID: | DM2PR0601MB0956D8A1DDED5131ABEF13E3E4E40@DM2PR0601MB0956.namprd06.prod.outlook.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Like this?
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
host all all 0.0.0.0/0 scram-sha256
host all postgres 0.0.0.0/0 trust
Because I can’t restart the postgresql service, it crashes when this is the setup….
User postgres is the superuser, by the way.
From: David G. Johnston [mailto:david(dot)g(dot)johnston(at)gmail(dot)com]
Sent: Tuesday, January 30, 2018 06:38
To: Meirav Rath <meirav(dot)rath(at)imperva(dot)com>
Cc: Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>; pgsql-bugs(at)lists(dot)postgresql(dot)org; PG Bug reporting form <noreply(at)postgresql(dot)org>
Subject: BUG #15035: scram-sha-256 blocks all logins
On Monday, January 29, 2018, Meirav Rath <meirav(dot)rath(at)imperva(dot)com<mailto:meirav(dot)rath(at)imperva(dot)com>> wrote:
I set up the password hashing method to scram and now no one can login to the server and that's not a bug??
If we understand the problem correctly, no, it's not a bug: changing the password type setting after deployment requires some work to change pre-existing roles. It is not possible for the server to do it for you, the passwords being encrypted.
I think the short answer is to setup pg_hba.conf so you can get a superuser login without a password (peer or trust) and then alter the superuser password and create/alter any users you want with new password in scram format.
David J.
-------------------------------------------
NOTICE:
This email and all attachments are confidential, may be proprietary, and may be privileged or otherwise protected from disclosure. They are intended solely for the individual or entity to whom the email is addressed. However, mistakes sometimes happen in addressing emails. If you believe that you are not an intended recipient, please stop reading immediately. Do not copy, forward, or rely on the contents in any way. Notify the sender and/or Imperva, Inc. by telephone at +1 (650) 832-6006 and then delete or destroy any copy of this email and its attachments. The sender reserves and asserts all rights to confidentiality, as well as any privileges that may apply. Any disclosure, copying, distribution or action taken or omitted to be taken by an unintended recipient in reliance on this message is prohibited and may be unlawful.
Please consider the environment before printing this email.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2018-01-30 08:02:47 | Re: BUG #15035: scram-sha-256 blocks all logins |
| Previous Message | Tom Lane | 2018-01-30 04:40:53 | Re: BUG #15035: scram-sha-256 blocks all logins |