| From: | Greg Sabino Mullane <htamfids(at)gmail(dot)com> |
|---|---|
| To: | Alpaslan AKDAĞ <alpaslanakdag(at)gmail(dot)com> |
| Cc: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Password Encryption and Connection Issues |
| Date: | 2025-07-09 14:58:15 |
| Message-ID: | CAKAnmmK9hQE-Cs2rVx_7brmubA1qCyNPmnOf=eA2HuxPwMy9=A@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, Jul 9, 2025 at 9:57 AM Alpaslan AKDAĞ <alpaslanakdag(at)gmail(dot)com>
wrote:
> Is it expected behavior that users created with scram-sha-256 passwords
> can still connect via md5 in pg_hba.conf?
Yes. From the docs:
> To ease transition from the md5 method to the newer SCRAM method, if md5 is
> specified as a method in pg_hba.conf but the user's password on the
> server is encrypted for SCRAM (see below), then SCRAM-based authentication
> will automatically be chosen instead.
You can think of "md5" inside pg_hba.conf as "md5 or better"
As a result, some users are able to connect, while others cannot.
Can you expand on this? Nothing you have done should be preventing logins,
as far as I can tell.
Best solution: Upgrade everyone to scram, then change md5 to scram in
pg_hba.conf and never look back.
--
Cheers,
Greg
--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ron Johnson | 2025-07-09 15:09:10 | Re: Password Encryption and Connection Issues |
| Previous Message | David G. Johnston | 2025-07-09 14:06:48 | Re: Password Encryption and Connection Issues |