Home > mailing lists

Re: Password Encryption and Connection Issues - Mailing list pgsql-general

From	Greg Sabino Mullane
Subject	Re: Password Encryption and Connection Issues
Date	July 9 20:02:06
Msg-id	CAKAnmmLfYwA+A6_A7fHbFOpYLmzs-7wjpFfR32b7c3qJOTxscg@mail.gmail.com Whole thread Raw
In response to	Re: Password Encryption and Connection Issues (Greg Sabino Mullane <htamfids@gmail.com>)
List	pgsql-general

Tree view

Best solution: Upgrade everyone to scram, then change md5 to scram in pg_hba.conf and never look back.

To expand more on the "upgrade everyone to scram", that means force all users to set a new password while using scram (which should be the default). You can do it yourself by getting a list of users and changing their passwords inside psql:

-- List all users still stuck in md5-land:

greg=# select rolname from pg_authid where rolpassword ~ '^md5'

alice

eve

mallory

(3 rows)

-- Just in case, force use of scram

greg=# set password_encryption = 'scram-sha-256';

SET

-- Reset each user's password to some strong password of your choice:

greg=# \password alice

Enter new password for user "alice":
Enter it again:

-- Repeat the above until this query returns no rows:

select rolname from pg_authid where rolpassword ~ '^md5'

Cheers,

Greg

Crunchy Data - https://www.crunchydata.com

Enterprise Postgres Software Products & Tech Support

pgsql-general by date:

From: Mircea Cadariu
Date: 09 July, 19:37:20
Subject: Re: analyze-in-stages post upgrade questions

From: Erik Johnston
Date: 09 July, 20:02:12
Subject: Re: Corrupt btree index includes rows that don't match

Re: Password Encryption and Connection Issues - Mailing list pgsql-general

Previous

Next