Thread: Authentication: MD5 to SCRAM-SHA-256 error
Hello,
We're currently using PostgreSQL version 10.5 in a Linux environment. We were wanting to change the password authentication from MD5 to SCRAM-SHA-256. I performed these steps to do so:
1) Modified the postgresql.conf and changed the password_encryption entry from "md5" to "scram-sha-256".
2) restarted the database
3) Changed all our users password to a default password using the command:
alter user xxx password 'xxx';
alter user xxx password 'xxx';
4) Once I did this, I could run this sql statement and verify the password was now a sha-256 password:
select passwd from pg_shadow where username = 'xxx'
select passwd from pg_shadow where username = 'xxx'
5) Finally, i went into the pg_hba.conf file and changed the authentication method from md5 over to scram-sha-256.
6) restarted the database again.
However when I try to log in now, via command line, I receive the error: "psql: authentication method 10 not supported". I tried to search online for this error but everything I've seen implies that occurs when some client's libraries are not compatible, but i'm just using psql via the command line.
What's worse...I tried to set everything back to MD5 and i'm still getting the exact same error. Has anyone else experienced this? The only thing I can think of is that even though I'm on version 10.5, maybe somehow I have old libraries it's trying to use to connect?
Any help would be greatly appreciated!
Thanks!
On 11/15/19 8:23 AM, Dave Hughes wrote: > Hello, > We're currently using PostgreSQL version 10.5 in a Linux environment. > We were wanting to change the password authentication from MD5 to > SCRAM-SHA-256. I performed these steps to do so: > 1) Modified the postgresql.conf and changed the password_encryption > entry from "md5" to "scram-sha-256". > 2) restarted the database > 3) Changed all our users password to a default password using the command: > alter user xxx password 'xxx'; > 4) Once I did this, I could run this sql statement and verify the > password was now a sha-256 password: > select passwd from pg_shadow where username = 'xxx' > 5) Finally, i went into the pg_hba.conf file and changed the > authentication method from md5 over to scram-sha-256. > 6) restarted the database again. > > However when I try to log in now, via command line, I receive the error: > "psql: authentication method 10 not supported". I tried to search > online for this error but everything I've seen implies that occurs when > some client's libraries are not compatible, but i'm just using psql via > the command line. > > What's worse...I tried to set everything back to MD5 and i'm still > getting the exact same error. Has anyone else experienced this? The > only thing I can think of is that even though I'm on version 10.5, maybe > somehow I have old libraries it's trying to use to connect? > > Any help would be greatly appreciated! What Linux distro and version? How was Postgres installed? Do you have more then one instance of Postgres installed? > Thanks! -- Adrian Klaver adrian.klaver@aklaver.com
## Dave Hughes (dhughes20@gmail.com): > However when I try to log in now, via command line, I receive the error: > "psql: authentication method 10 not supported". Your client (more precisely: it's libpq) is not ready for SCRAM. I guess you're using an older (<10) client version? Mixed up packages? Regards, Christoph -- Spare Space
Thanks for replying guys! You both led me down the right path. I didn't realize it, but looks like we had 2 directories where psql was installed. Once I gave the path specifically to PostgreSQL10, it worked like a charm.
I'm reaching out to our server admins now to see why there are 2 instances.
Thanks again for pointing me in the right direction.
On Fri, Nov 15, 2019 at 11:44 AM Christoph Moench-Tegeder <cmt@burggraben.net> wrote:
## Dave Hughes (dhughes20@gmail.com):
> However when I try to log in now, via command line, I receive the error:
> "psql: authentication method 10 not supported".
Your client (more precisely: it's libpq) is not ready for SCRAM.
I guess you're using an older (<10) client version? Mixed up
packages?
Regards,
Christoph
--
Spare Space
On Fri, Nov 15, 2019 at 03:17:17PM -0500, Dave Hughes wrote: > Thanks for replying guys! You both led me down the right path. I didn't > realize it, but looks like we had 2 directories where psql was installed. > Once I gave the path specifically to PostgreSQL10, it worked like a charm. > > I'm reaching out to our server admins now to see why there are 2 > instances. Maybe remnants of past version packages for an upgrade where pg_upgrade has been involved? You need both the old and new binaries when doing that, and most distributions allow different major versions of Postgres to be installed in parallel. -- Michael