Database Administrators Asked by ConanTheGerbil on January 7, 2021
Which of the two postgres configuration files postgresql.conf
and pg_hba.conf
takes priority?
pg_hba.conf
controls client authentication methods including ‘md5’ and ‘scram-sha-256’
postgresql.conf
includes an entry for password_encryption which can be ‘md5’ or ‘scram-sha-256’ (or blank, I guess)
So if these values aren’t set to the same thing, which takes priority?
There is no priority to choose because they have different purposes.
password_encryption
in postgresql.conf tells how to hash a new password when it's changed or a new user is created with a password.
the field in pg_hba.conf
tells what kind of authentication scheme should be used when a client that matches the rules attempts to connect.
When connecting with a client that does not support SCRAM authentication:
If the first line that matches in pg_hba.conf
for this connection attempt has, in the METHOD field:
scram-sha-256
, the connection will be rejected.
md5
and the password of this account is stored with an
md5
hash (independently of password_encryption
), the connection
will succeed.
md5
and the password of this account is stored with an
scram-sha256
hash (independently of password_encryption
), the connection will be rejected.
A superuser can check what kind of password is assigned to existing accounts by looking at the hashed passwords in the system table pg_catalog.pg_authid
.
Correct answer by Daniel Vérité on January 7, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP