Participants
Dave Hughes
Dave Hughes
Adrian Klaver
Adrian Klaver
Christoph Moench-Tegeder
Christoph Moench-Tegeder
Michael Paquier
Michael Paquier
Attachments
Show all attachments
Thread Outline
#1Dave HughesDave Hughes
Nov 15, 2019
#2Adrian KlaverAdrian Klaverto Dave Hughes (#1)
Nov 15, 2019
#3...#5
Christoph Moench-TegederDave HughesMichael Paquier
to Dave Hughes (#1)
Nov 15, 2019
#3Christoph Moench-TegederChristoph Moench-Tegederto Dave Hughes (#1)
Nov 15, 2019
#4Dave HughesDave Hughesto Christoph Moench-Tegeder (#3)
Nov 15, 2019
#5Michael PaquierMichael Paquierto Dave Hughes (#4)
Nov 18, 2019

Authentication: MD5 to SCRAM-SHA-256 error

Started by Dave Hughesover 6 years ago5 messagesgeneral
Jump to latest
#1Dave Hughes
Dave Hughes
dhughes20@gmail.com

Hello,
We're currently using PostgreSQL version 10.5 in a Linux environment. We
were wanting to change the password authentication from MD5 to
SCRAM-SHA-256. I performed these steps to do so:
1) Modified the postgresql.conf and changed the password_encryption entry
from "md5" to "scram-sha-256".
2) restarted the database
3) Changed all our users password to a default password using the command:
alter user xxx password 'xxx';
4) Once I did this, I could run this sql statement and verify the password
was now a sha-256 password:
select passwd from pg_shadow where username = 'xxx'
5) Finally, i went into the pg_hba.conf file and changed the
authentication method from md5 over to scram-sha-256.
6) restarted the database again.

However when I try to log in now, via command line, I receive the error:
"psql: authentication method 10 not supported". I tried to search online
for this error but everything I've seen implies that occurs when some
client's libraries are not compatible, but i'm just using psql via the
command line.

What's worse...I tried to set everything back to MD5 and i'm still getting
the exact same error. Has anyone else experienced this? The only thing I
can think of is that even though I'm on version 10.5, maybe somehow I have
old libraries it's trying to use to connect?

Any help would be greatly appreciated!
Thanks!

#2Adrian Klaver
Adrian Klaver
adrian.klaver@aklaver.com
In reply to: Dave Hughes (#1)
Re: Authentication: MD5 to SCRAM-SHA-256 error

On 11/15/19 8:23 AM, Dave Hughes wrote:

Hello,
We're currently using PostgreSQL version 10.5 in a Linux environment.
We were wanting to change the password authentication from MD5 to
SCRAM-SHA-256.  I performed these steps to do so:
1) Modified the postgresql.conf and changed the password_encryption
entry from "md5" to "scram-sha-256".
2) restarted the database
3) Changed all our users password to a default password using the command:
alter user xxx password 'xxx';
4) Once I did this, I could run this sql statement and verify the
password was now a sha-256 password:
select passwd from pg_shadow where username = 'xxx'
5)  Finally, i went into the pg_hba.conf file and changed the
authentication method from md5 over to scram-sha-256.
6) restarted the database again.

However when I try to log in now, via command line, I receive the error:
"psql: authentication method 10 not supported".  I tried to search
online for this error but everything I've seen implies that occurs when
some client's libraries are not compatible, but i'm just using psql via
the command line.

What's worse...I tried to set everything back to MD5 and i'm still
getting the exact same error.  Has anyone else experienced this?  The
only thing I can think of is that even though I'm on version 10.5, maybe
somehow I have old libraries it's trying to use to connect?

Any help would be greatly appreciated!

What Linux distro and version?

How was Postgres installed?

Do you have more then one instance of Postgres installed?

Thanks!

--
Adrian Klaver
adrian.klaver@aklaver.com

#3Christoph Moench-Tegeder
Christoph Moench-Tegeder
cmt@burggraben.net
In reply to: Dave Hughes (#1)
Re: Authentication: MD5 to SCRAM-SHA-256 error

## Dave Hughes (dhughes20@gmail.com):

However when I try to log in now, via command line, I receive the error:
"psql: authentication method 10 not supported".

Your client (more precisely: it's libpq) is not ready for SCRAM.
I guess you're using an older (<10) client version? Mixed up
packages?

Regards,
Christoph

--
Spare Space

#4Dave Hughes
Dave Hughes
dhughes20@gmail.com
In reply to: Christoph Moench-Tegeder (#3)
Re: Authentication: MD5 to SCRAM-SHA-256 error

Thanks for replying guys! You both led me down the right path. I didn't
realize it, but looks like we had 2 directories where psql was installed.
Once I gave the path specifically to PostgreSQL10, it worked like a charm.

I'm reaching out to our server admins now to see why there are 2
instances.

Thanks again for pointing me in the right direction.

On Fri, Nov 15, 2019 at 11:44 AM Christoph Moench-Tegeder <
cmt@burggraben.net> wrote:

Show quoted text

## Dave Hughes (dhughes20@gmail.com):

However when I try to log in now, via command line, I receive the error:
"psql: authentication method 10 not supported".

Your client (more precisely: it's libpq) is not ready for SCRAM.
I guess you're using an older (<10) client version? Mixed up
packages?

Regards,
Christoph

--
Spare Space

#5Michael Paquier
Michael Paquier
michael@paquier.xyz
In reply to: Dave Hughes (#4)
Re: Authentication: MD5 to SCRAM-SHA-256 error

On Fri, Nov 15, 2019 at 03:17:17PM -0500, Dave Hughes wrote:

Thanks for replying guys! You both led me down the right path. I didn't
realize it, but looks like we had 2 directories where psql was installed.
Once I gave the path specifically to PostgreSQL10, it worked like a charm.

I'm reaching out to our server admins now to see why there are 2
instances.

Maybe remnants of past version packages for an upgrade where
pg_upgrade has been involved? You need both the old and new binaries
when doing that, and most distributions allow different major versions
of Postgres to be installed in parallel.
--
Michael

← Back to Topics