Is it expected behavior that users created with scram-sha-256 passwords can still connect via md5 in pg_hba.conf?
Yes. From the docs:
To ease transition from the md5 method to the newer SCRAM method, if md5 is specified as a method in pg_hba.conf but the user's password on the server is encrypted for SCRAM (see below), then SCRAM-based authentication will automatically be chosen instead.
You can think of "md5" inside pg_hba.conf as "md5 or better".
As a result, some users are able to connect, while others cannot.
Can you expand on this? Nothing you have done should be preventing logins, as far as I can tell.
Best solution: Upgrade everyone to scram, then change md5 to scram in pg_hba.conf and never look back.
That requires setting the password to null and then recreating the password, no? Otherwise IIRC, changing an md5 password leaves the new password also in md5 format.
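As an added example, not code from anyone in this thread: the inventory query and migration steps the last two posts are discussing, run as a superuser against PostgreSQL. The role name, password and pg_hba.conf address are placeholders, and the stored format of a newly set password is decided by the password_encryption setting in effect when ALTER ROLE runs.

```sql
-- Added example, not from the thread. Inventory which login roles still carry
-- an md5 hash versus a SCRAM-SHA-256 verifier (pg_authid is superuser-readable).
SELECT rolname,
       CASE
         WHEN rolpassword IS NULL                  THEN 'no password'
         WHEN rolpassword LIKE 'md5%'              THEN 'md5'
         WHEN rolpassword LIKE 'SCRAM-SHA-256$%'   THEN 'scram-sha-256'
         ELSE 'other'
       END AS password_format
FROM pg_authid
WHERE rolcanlogin
ORDER BY password_format, rolname;

-- A newly set password is stored in the format named by password_encryption at
-- the time of ALTER ROLE, so set it first and then re-enter each md5 user's
-- password. Role name and password below are placeholders.
SET password_encryption = 'scram-sha-256';
ALTER ROLE app_user PASSWORD 'replace-me';

-- Verify the stored verifier now starts with SCRAM-SHA-256$ (14 characters).
SELECT rolname, left(rolpassword, 14) AS prefix
FROM pg_authid
WHERE rolname = 'app_user';

-- Once the inventory query reports no 'md5' rows, tighten pg_hba.conf from
--   host  all  all  10.0.0.0/8  md5
-- to
--   host  all  all  10.0.0.0/8  scram-sha-256
-- and reload (SELECT pg_reload_conf();). Any remaining md5 role would then be
-- refused, which is why the inventory is checked first.
```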