Home > mailing lists

Re: Password Encryption and Connection Issues - Mailing list pgsql-general

From	Greg Sabino Mullane
Subject	Re: Password Encryption and Connection Issues
Date	July 9 17:58:15
Msg-id	CAKAnmmK9hQE-Cs2rVx_7brmubA1qCyNPmnOf=eA2HuxPwMy9=A@mail.gmail.com Whole thread Raw
In response to	Password Encryption and Connection Issues (Alpaslan AKDAĞ <alpaslanakdag@gmail.com>)
Responses	Re: Password Encryption and Connection Issues Re: Password Encryption and Connection Issues
List	pgsql-general

Tree view

On Wed, Jul 9, 2025 at 9:57 AM Alpaslan AKDAĞ <alpaslanakdag@gmail.com> wrote:

Is it expected behavior that users created with scram-sha-256 passwords can still connect via md5 in pg_hba.conf?

Yes. From the docs:

To ease transition from the md5 method to the newer SCRAM method, if md5 is specified as a method in pg_hba.conf but the user's password on the server is encrypted for SCRAM (see below), then SCRAM-based authentication will automatically be chosen instead.

You can think of "md5" inside pg_hba.conf as "md5 or better"

As a result, some users are able to connect, while others cannot.

Can you expand on this? Nothing you have done should be preventing logins, as far as I can tell.

Best solution: Upgrade everyone to scram, then change md5 to scram in pg_hba.conf and never look back.

Cheers,

Greg

Crunchy Data - https://www.crunchydata.com

Enterprise Postgres Software Products & Tech Support

pgsql-general by date:

From: "David G. Johnston"
Date: 09 July, 17:06:48
Subject: Re: Password Encryption and Connection Issues

From: Ron Johnson
Date: 09 July, 18:09:10
Subject: Re: Password Encryption and Connection Issues

Re: Password Encryption and Connection Issues - Mailing list pgsql-general

Previous

Next