Thread: Authentication: MD5 to SCRAM-SHA-256 error

Authentication: MD5 to SCRAM-SHA-256 error

From
Dave Hughes
Date:
Hello,
We're currently using PostgreSQL version 10.5 in a Linux environment.  We were wanting to change the password authentication from MD5 to SCRAM-SHA-256.  I performed these steps to do so:
1) Modified the postgresql.conf and changed the password_encryption entry from "md5" to "scram-sha-256".  
2) restarted the database
3) Changed all our users password to a default password using the command:
alter user xxx password 'xxx';
4) Once I did this, I could run this sql statement and verify the password was now a sha-256 password:
select passwd from pg_shadow where username = 'xxx'
5)  Finally, i went into the pg_hba.conf file and changed the authentication method from md5 over to scram-sha-256.
6) restarted the database again.

However when I try to log in now, via command line, I receive the error: "psql: authentication method 10 not supported".  I tried to search online for this error but everything I've seen implies that occurs when some client's libraries are not compatible, but i'm just using psql via the command line.  

What's worse...I tried to set everything back to MD5 and i'm still getting the exact same error.  Has anyone else experienced this?  The only thing I can think of is that even though I'm on version 10.5, maybe somehow I have old libraries it's trying to use to connect?

Any help would be greatly appreciated! 
Thanks!

Re: Authentication: MD5 to SCRAM-SHA-256 error

From
Adrian Klaver
Date:
On 11/15/19 8:23 AM, Dave Hughes wrote:
> Hello,
> We're currently using PostgreSQL version 10.5 in a Linux environment.  
> We were wanting to change the password authentication from MD5 to 
> SCRAM-SHA-256.  I performed these steps to do so:
> 1) Modified the postgresql.conf and changed the password_encryption 
> entry from "md5" to "scram-sha-256".
> 2) restarted the database
> 3) Changed all our users password to a default password using the command:
> alter user xxx password 'xxx';
> 4) Once I did this, I could run this sql statement and verify the 
> password was now a sha-256 password:
> select passwd from pg_shadow where username = 'xxx'
> 5)  Finally, i went into the pg_hba.conf file and changed the 
> authentication method from md5 over to scram-sha-256.
> 6) restarted the database again.
> 
> However when I try to log in now, via command line, I receive the error: 
> "psql: authentication method 10 not supported".  I tried to search 
> online for this error but everything I've seen implies that occurs when 
> some client's libraries are not compatible, but i'm just using psql via 
> the command line.
> 
> What's worse...I tried to set everything back to MD5 and i'm still 
> getting the exact same error.  Has anyone else experienced this?  The 
> only thing I can think of is that even though I'm on version 10.5, maybe 
> somehow I have old libraries it's trying to use to connect?
> 
> Any help would be greatly appreciated!

What Linux distro and version?

How was Postgres installed?

Do you have more then one instance of Postgres installed?

> Thanks!


-- 
Adrian Klaver
adrian.klaver@aklaver.com



Re: Authentication: MD5 to SCRAM-SHA-256 error

From
Christoph Moench-Tegeder
Date:
## Dave Hughes (dhughes20@gmail.com):

> However when I try to log in now, via command line, I receive the error:
> "psql: authentication method 10 not supported".

Your client (more precisely: it's libpq) is not ready for SCRAM.
I guess you're using an older (<10) client version? Mixed up
packages?

Regards,
Christoph

-- 
Spare Space



Re: Authentication: MD5 to SCRAM-SHA-256 error

From
Dave Hughes
Date:
Thanks for replying guys!  You both led me down the right path.  I didn't realize it, but looks like we had 2 directories where psql was installed.  Once I gave the path specifically to PostgreSQL10, it worked like a charm. 

I'm reaching out to our server admins now to see why there are 2 instances.  

Thanks again for pointing me in the right direction. 

On Fri, Nov 15, 2019 at 11:44 AM Christoph Moench-Tegeder <cmt@burggraben.net> wrote:
## Dave Hughes (dhughes20@gmail.com):

> However when I try to log in now, via command line, I receive the error:
> "psql: authentication method 10 not supported".

Your client (more precisely: it's libpq) is not ready for SCRAM.
I guess you're using an older (<10) client version? Mixed up
packages?

Regards,
Christoph

--
Spare Space

Re: Authentication: MD5 to SCRAM-SHA-256 error

From
Michael Paquier
Date:
On Fri, Nov 15, 2019 at 03:17:17PM -0500, Dave Hughes wrote:
> Thanks for replying guys!  You both led me down the right path.  I didn't
> realize it, but looks like we had 2 directories where psql was installed.
> Once I gave the path specifically to PostgreSQL10, it worked like a charm.
>
> I'm reaching out to our server admins now to see why there are 2
> instances.

Maybe remnants of past version packages for an upgrade where
pg_upgrade has been involved?  You need both the old and new binaries
when doing that, and most distributions allow different major versions
of Postgres to be installed in parallel.
--
Michael

Attachment