| From: | Greg Sabino Mullane <htamfids(at)gmail(dot)com> |
|---|---|
| To: | Alpaslan AKDAĞ <alpaslanakdag(at)gmail(dot)com> |
| Cc: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Password Encryption and Connection Issues |
| Date: | 2025-07-09 17:02:06 |
| Message-ID: | CAKAnmmLfYwA+A6_A7fHbFOpYLmzs-7wjpFfR32b7c3qJOTxscg@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> Best solution: Upgrade everyone to scram, then change md5 to scram in
> pg_hba.conf and never look back.
>
To expand more on the "upgrade everyone to scram", that means force all
users to set a new password while using scram (which should be the
default). You can do it yourself by getting a list of users and changing
their passwords inside psql:
-- List all users still stuck in md5-land:
greg=# select rolname from pg_authid where rolpassword ~ '^md5'
alice
eve
mallory
(3 rows)
-- Just in case, force use of scram
greg=# set password_encryption = 'scram-sha-256';
SET
-- Reset each user's password to some strong password of your choice:
greg=# \password alice
Enter new password for user "alice":
Enter it again:
-- Repeat the above until this query returns no rows:
select rolname from pg_authid where rolpassword ~ '^md5'
Cheers,
Greg
--
Crunchy Data - https://www.crunchydata.com
Enterprise Postgres Software Products & Tech Support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Erik Johnston | 2025-07-09 17:02:12 | Re: Corrupt btree index includes rows that don't match |
| Previous Message | Mircea Cadariu | 2025-07-09 16:37:20 | Re: analyze-in-stages post upgrade questions |