Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

SCRAM-SHA-256 support for states.postgres_user

See original GitHub issue

Current implementation either sends and compares plaintext or an md5hash. There’s no way to send plaintext for the server to hash, because it also adds UNENCRYPTED to the query.

ERROR: UNENCRYPTED PASSWORD is no longer supported

Issue Analytics

State:
Created 5 years ago
Comments:8 (2 by maintainers)

Top GitHub Comments

2reactions

OrangeDogcommented, Jan 7, 2020

Still a desired feature.

2reactions

minusfcommented, Sep 12, 2019

sadly without SCRAM support the current postgres_user state has very limited usefulness. please also let the module work with already encrypted passwords like:

postgres_user.present:
  name: blah
  password: "SCRAM-SHA-256$4096:lKj35tB36e3LV3fVaW3hlw==$NO7qHn5U1C [...] XDDEcI="

Top Results From Across the Web

To scram-sha-256 from MD5 in PostgreSQL- CYBERTEC

This article explains in simple steps how to improve security in PostgreSQL by converting from MD5 hashes to scram-sha-256.

Documentation: 15: 21.5. Password Authentication - PostgreSQL

The method scram-sha-256 performs SCRAM-SHA-256 authentication, as described in RFC 7677. It is a challenge-response scheme that prevents password sniffing ...

I tried to change postgresql md5 to scram-sha-256 and I get ...

A. Now switch into the postgres user and run psql ... SELECT rolname, rolpassword ~ '^SCRAM-SHA-256\$' AS has_upgraded FROM pg_authid WHERE ...

How to Upgrade Your PostgreSQL Passwords to SCRAM

A how to guide for upgrading your PostgreSQL passwords to use SCRAM (SCRAM-SHA-256) for authentication instead of MD5.

PostgreSQL - password authentication to SCRAM-SHA-256.

Change PostgreSQL Password Authentication to SCRAM-SHA-256 ... By default (out-of-the-box installation), Postgres uses md5 encryption. Beginning with Postgres 10, ...