Date: Tue, 13 Aug 2013 18:18:35 +0200
From: "O. Hartmann"
To: Volodymyr Kostyrko
Cc: FreeBSD Questions
Subject: Re: trouble with PostgreSQL 9.2 on FreeBSD 10.0-CURRENT: superuser can not autheticate anymore with md5 password hash set
Message-ID: <20130813181835.3291401d@thor.walstatt.dyndns.org>
In-Reply-To: <520A48CA.2020009@gmail.com>
Organization: FU Berlin

On Tue, 13 Aug 2013 17:55:06 +0300
Volodymyr Kostyrko wrote:

> > 13.08.2013 17:30, O. Hartmann wrote:
> >> For the past I ran PostgreSQL 9.2 servers on FreeBSD 10.0-CURRENT
> >> successfully. But by now, out of the blue, login as the database's
> >> supervisor "pgsql" remotely isn't possible any more.
> >>
> >> The appropriate lines in pg_hba.conf are:
> >>
> >> local all pgsql md5
> >> hostssl all pgsql 0.0.0.0/0 md5
> >>
> >> The funny thing is: when login locally without providing a password
> >> (swap md5 to trust in the "local" line) and setting the password
> >> for the role "pgsql" via
> >>
> >> ALTER ROLE pgsql ENCRYPTED PASSWORD 'FooMe';
> >
> > I guess ENCRYPTED means you are substituting FooMe with md5 hashed
> > password correctly salted with role name as postgresql requires?
>
> Silly me, that's wrong. ENCRYPTED only means that password will be
> stored encrypted on the disk. There's a side note about using
> ENCRYPTED password with postgres in the docs though:
>
> "Note that older clients might lack support for the MD5
> authentication mechanism that is needed to work with passwords that
> are stored encrypted."
>

Well, even if not ENCRYPTED it doesn't work anymore and prior to this
failure, the passwords were stored md5 hashed via pgadmin3 all the time
- and it worked.

I made now another test. On a FreeBSD 9.2 box which is also running
PostgreSQL 9.2 and to which I have access the way that is now rejected
by the others, I did a login as the supervisor (pgsql) successfully and
then set the password for that supervisor again with alter role pgsql
with encrypted password 'FooMe'; (FooMe was the password used before on
the same system, it worked definitely) and - booom - I can not login
anymore onto that machine!

Something is definitely wrong. I have no idea what is wrong here.
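
Added example (not part of the original message and not PostgreSQL's own code): for the md5 method discussed in this thread, pg_authid.rolpassword holds "md5" followed by md5(password || role name), and the client answers the server's 4-byte salt with "md5" + md5(stored_hex || salt). The Python below recomputes both so a stored value can be compared with what a given role and password should produce; the function names and sample rows are constructed for illustration.

```python
import hashlib
import hmac
import re

# An md5 verifier is "md5" followed by 32 hex digits (35 characters).
MD5_VERIFIER = re.compile(r"md5[0-9a-f]{32}")


def pg_md5_stored(role: str, password: str) -> str:
    """Value kept in pg_authid.rolpassword: 'md5' + md5(password || role)."""
    return "md5" + hashlib.md5((password + role).encode()).hexdigest()


def pg_md5_response(role: str, password: str, salt: bytes) -> str:
    """Client answer to an md5 challenge: 'md5' + md5(inner_hex || salt)."""
    inner_hex = pg_md5_stored(role, password)[3:]
    return "md5" + hashlib.md5(inner_hex.encode() + salt).hexdigest()


def server_accepts(rolpassword: str, salt: bytes, response: str) -> bool:
    """Server side: recompute the expected answer from the stored verifier."""
    expected = "md5" + hashlib.md5(rolpassword[3:].encode() + salt).hexdigest()
    return hmac.compare_digest(expected, response)


def diagnose(role: str, candidate: str, rolpassword) -> str:
    """Classify a rolpassword value against a candidate password for role."""
    if rolpassword is None:
        return "no-password"
    if not MD5_VERIFIER.fullmatch(rolpassword):
        return "not-md5"  # stored as plain text or in another format
    if hmac.compare_digest(rolpassword, pg_md5_stored(role, candidate)):
        return "match"
    return "mismatch"  # other password, or hashed with another role name


if __name__ == "__main__":
    # Constructed sample rows; role and password are the ones in the thread.
    rows = {
        "hashed for pgsql": pg_md5_stored("pgsql", "FooMe"),
        "hashed for postgres": pg_md5_stored("postgres", "FooMe"),
        "plain text": "FooMe",
        "unset": None,
    }
    for label, value in rows.items():
        print(f"{label:20} -> {diagnose('pgsql', 'FooMe', value)}")
```

Because the role name is part of the hash, a verifier computed for one role name does not validate for another, which is why the same password yields "mismatch" in the second sample row.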