trouble with PostgreSQL 9.2 on FreeBSD 10.0-CURRENT: superuser can not autheticate anymore with md5 password hash set

O. Hartmann ohartman at zedat.fu-berlin.de
Tue Aug 13 16:18:43 UTC 2013


On Tue, 13 Aug 2013 17:55:06 +0300
Volodymyr Kostyrko <c.kworr at gmail.com> wrote:

> > 13.08.2013 17:30, O. Hartmann wrote:
> >> For the past I ran PostgreSQL 9.2 servers on FreeBSD 10.0-CURRENT
> >> successfully. But by now, out of the blue, login as the database's
> >> supervisor "pgsql" remotely isn't possible any more.
> >>
> >> The appropriate lines in pg_hba.conf are:
> >>
> >> local   all  pgsql md5
> >> hostssl all  pgsql 0.0.0.0/0   md5
> >>
> >> The funny thing is: when login locally without providing a password
> >> (swap md5 to trust in the "local" line) and setting the password
> >> for the role "pgsql" via
> >>
> >> ALTER ROLE pgsql ENCRYPTED PASSWORD 'FooMe";
> >
> > I guess ENCRYPTED means you are substituting FooMe with md5 hashed
> > password correctly salted with role name as postgresql requires?
> 
> Silly me, that's wrong. ENCRYPTED only means that password will be 
> stored encrypted on the disk. There's a side note about using
> ENCRYPTED password with postgres in the docs though:
> 
> "Note that older clients might lack support for the MD5
> authentication mechanism that is needed to work with passwords that
> are stored encrypted."
> 

Well, even if not ENCRYPTED it doesn't work anymore and prior to this
failure, the passwords were stored md5 hashed via pgadmin3 all the time
- and it worked.

I made now another test. On a FreeBSD 9.2 box which is also running
PostgreSQL 9.2 and to which I have access the way that is now rejected
by the others, I did a login as the supervisor (pgsql) successfully and
then set the password for that supervisor again with

alter role pgsql with encrypted password 'FooMe';

(FooMe was the passowrd used before on the same system, it worked
definitely) and - booom - I can not login anymore onto that machine!
Something is definitely wrong.

I have no idea what is wrong here.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20130813/26d24a8a/attachment.sig>


More information about the freebsd-questions mailing list