Date: Tue, 13 Aug 2013 18:18:35 +0200 From: "O. Hartmann" <ohartman@zedat.fu-berlin.de> To: Volodymyr Kostyrko <c.kworr@gmail.com> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: trouble with PostgreSQL 9.2 on FreeBSD 10.0-CURRENT: superuser can not autheticate anymore with md5 password hash set Message-ID: <20130813181835.3291401d@thor.walstatt.dyndns.org> In-Reply-To: <520A48CA.2020009@gmail.com> References: <20130813163001.3194750f@telesto> <520A46A0.5010506@gmail.com> <520A48CA.2020009@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/ZRsfUG_RnMhYjp2_Y_aN45C Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Tue, 13 Aug 2013 17:55:06 +0300 Volodymyr Kostyrko <c.kworr@gmail.com> wrote: > > 13.08.2013 17:30, O. Hartmann wrote: > >> For the past I ran PostgreSQL 9.2 servers on FreeBSD 10.0-CURRENT > >> successfully. But by now, out of the blue, login as the database's > >> supervisor "pgsql" remotely isn't possible any more. > >> > >> The appropriate lines in pg_hba.conf are: > >> > >> local all pgsql md5 > >> hostssl all pgsql 0.0.0.0/0 md5 > >> > >> The funny thing is: when login locally without providing a password > >> (swap md5 to trust in the "local" line) and setting the password > >> for the role "pgsql" via > >> > >> ALTER ROLE pgsql ENCRYPTED PASSWORD 'FooMe"; > > > > I guess ENCRYPTED means you are substituting FooMe with md5 hashed > > password correctly salted with role name as postgresql requires? >=20 > Silly me, that's wrong. ENCRYPTED only means that password will be=20 > stored encrypted on the disk. There's a side note about using > ENCRYPTED password with postgres in the docs though: >=20 > "Note that older clients might lack support for the MD5 > authentication mechanism that is needed to work with passwords that > are stored encrypted." >=20 Well, even if not ENCRYPTED it doesn't work anymore and prior to this failure, the passwords were stored md5 hashed via pgadmin3 all the time - and it worked. I made now another test. On a FreeBSD 9.2 box which is also running PostgreSQL 9.2 and to which I have access the way that is now rejected by the others, I did a login as the supervisor (pgsql) successfully and then set the password for that supervisor again with alter role pgsql with encrypted password 'FooMe'; (FooMe was the passowrd used before on the same system, it worked definitely) and - booom - I can not login anymore onto that machine! Something is definitely wrong. I have no idea what is wrong here. --Sig_/ZRsfUG_RnMhYjp2_Y_aN45C Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (FreeBSD) iQEcBAEBAgAGBQJSClxgAAoJEOgBcD7A/5N8I88IALhnRyo7y56MIRWlugMdyk0O PXG080HE9K+MmzEhzKaY/IRw7xSNReGqy7tscKTu7F2f8X+UjhuVwW2hTec1nub/ 5XQB0ADk7yRXMLFqvdiShaF8gdIKy3573XLnbYSwTvT6FhBzOxTY5c2XTEDHlRBa eYmUF7LLSDgnUb9oQbWyCswEos9nGK8qOCu8pmj64a7VCYRzm4bxafRIIhNtdFwd L1VZiAAsecg9Iz9T1fCF+oAjY3ANthK3AE+ctBS9TRGmi9xuI7cXwm9Jyu3B1Y6f Q/qkDaJ14olNOZ8b4sPUeyBMFipzSPPH+9Hs+JVM+rN5eJJmejSOXQ59/OLnQ4g= =Fy7o -----END PGP SIGNATURE----- --Sig_/ZRsfUG_RnMhYjp2_Y_aN45C--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130813181835.3291401d>