trouble with PostgreSQL 9.2 on FreeBSD 10.0-CURRENT: superuser can not autheticate anymore with md5 password hash set
O. Hartmann
ohartman at zedat.fu-berlin.de
Tue Aug 13 16:18:43 UTC 2013
On Tue, 13 Aug 2013 17:55:06 +0300
Volodymyr Kostyrko <c.kworr at gmail.com> wrote:
> > 13.08.2013 17:30, O. Hartmann wrote:
> >> For the past I ran PostgreSQL 9.2 servers on FreeBSD 10.0-CURRENT
> >> successfully. But by now, out of the blue, login as the database's
> >> supervisor "pgsql" remotely isn't possible any more.
> >>
> >> The appropriate lines in pg_hba.conf are:
> >>
> >> local all pgsql md5
> >> hostssl all pgsql 0.0.0.0/0 md5
> >>
> >> The funny thing is: when login locally without providing a password
> >> (swap md5 to trust in the "local" line) and setting the password
> >> for the role "pgsql" via
> >>
> >> ALTER ROLE pgsql ENCRYPTED PASSWORD 'FooMe";
> >
> > I guess ENCRYPTED means you are substituting FooMe with md5 hashed
> > password correctly salted with role name as postgresql requires?
>
> Silly me, that's wrong. ENCRYPTED only means that password will be
> stored encrypted on the disk. There's a side note about using
> ENCRYPTED password with postgres in the docs though:
>
> "Note that older clients might lack support for the MD5
> authentication mechanism that is needed to work with passwords that
> are stored encrypted."
>
Well, even if not ENCRYPTED it doesn't work anymore and prior to this
failure, the passwords were stored md5 hashed via pgadmin3 all the time
- and it worked.
I made now another test. On a FreeBSD 9.2 box which is also running
PostgreSQL 9.2 and to which I have access the way that is now rejected
by the others, I did a login as the supervisor (pgsql) successfully and
then set the password for that supervisor again with
alter role pgsql with encrypted password 'FooMe';
(FooMe was the passowrd used before on the same system, it worked
definitely) and - booom - I can not login anymore onto that machine!
Something is definitely wrong.
I have no idea what is wrong here.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20130813/26d24a8a/attachment.sig>
More information about the freebsd-questions
mailing list