Database Administrators Asked by ConanTheGerbil on January 7, 2021
Which of the two postgres configuration files postgresql.conf and pg_hba.conf takes priority?
pg_hba.conf controls client authentication methods including ‘md5’ and ‘scram-sha-256’
postgresql.conf includes an entry for password_encryption which can be ‘md5’ or ‘scram-sha-256’ (or blank, I guess)
So if these values aren’t set to the same thing, which takes priority?
There is no priority to choose because they have different purposes.
password_encryption in postgresql.conf tells how to hash a new password when it's changed or a new user is created with a password.
the field in pg_hba.conf tells what kind of authentication scheme should be used when a client that matches the rules attempts to connect.
When connecting with a client that does not support SCRAM authentication:
If the first line that matches in pg_hba.conf for this connection attempt has, in the METHOD field:
scram-sha-256, the connection will be rejected.
md5 and the password of this account is stored with an
md5 hash (independently of password_encryption), the connection
will succeed.
md5 and the password of this account is stored with an
scram-sha256 hash (independently of password_encryption), the connection will be rejected.
A superuser can check what kind of password is assigned to existing accounts by looking at the hashed passwords in the system table pg_catalog.pg_authid.
Correct answer by Daniel Vérité on January 7, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP