Upgrading Password Encryption from Md5 to Scram-sha-256 in a Postgresql Database

  •  Check if application db drivers (e.g. postgresql jdbc ) support scram method. If not, replace with the newer version. In addition, Postgresql version should be above 10.0.
  • Uncomment  password_encyrption line if commented, and then set it to scram-sha-256. It should look like below: 

         password_encryption = scram-sha-256 

  • All passwords in database should be re-entered so they can be encrypted with new method.
  • Before going further, check if all roles are encrypted with scram-sha-256 via running the query below:
        select * from pg_authid;

  • In order to disable logins of users with md5 encryption, pg_hba.conf also should be edited. Example entries are as below:

   

        # TYPE DATABASE USER ADDRESS METHOD

         host         all         all         127.0.0.1/32                 scram-sha-256

        host         all          all          192.168.1.23/32         scram-sha-256

  • After editing all conf. files, log in to database via psql or some gui tool with superuser and run the command below:
        select pg_reload_conf();

  • All done. As a side note, by running the sql below, you can check pg_hba_conf file rules:
        select * from pg_hba_file_rules;

     

 

Comments

Post a Comment

Popular posts from this blog

Oracle Database Upgrade With OPatch Tool (RHEL/Centos/OEL)

Follow these steps to upgrade an Oracle Database using the OPatch tool: 1. Download and Prepare Files Download the patch you want to install along with the latest OPatch tool from Oracle's website. Transfer all downloaded files to the /tmp/ directory, and unzip them. Ensure the correct permissions and ownership are set: chown -R oracle:oinstall p26710464_122010_Linux-x86-64.zip chown -R oracle:oinstall p6880880_122010_Linux-x86-64.zip unzip p26710464_122010_Linux-x86-64.zip unzip p6880880_122010_Linux-x86-64.zip 2. Replace the OPatch Folder Replace the current OPatch folder inside the Oracle database files with the new one: cd $ORACLE_HOME cp -R OPatch OPatch_yedek # Backup current OPatch folder. rm -rf OPatch cp -R /tmp/Opatch . Verify the OPatch version and list applied patches: cd OPatch ./opatch lspatches 3. Check for Conflicts Navigate to the patch folder and run the following command to check for conflicts before starting the upgrade: cd /tmp/26710464/ $O
Read more

POSTGRESQL UPGRADE WITH PG_UPGRADE UTILITY IN RHEL/CENTOS/OEL

Upgrading PostgreSQL can be a smooth process if you follow the necessary steps carefully. Below is a comprehensive guide to help you through the upgrade. Table of Contents Prerequisites Install the New PostgreSQL Version Set Up New Directories and Permissions Initialize the New Database Configure PostgreSQL Settings Stop and Disable Old PostgreSQL Services Run the Upgrade Process Finalize the Upgrade Post-Upgrade Tasks Prerequisites Before initiating the upgrade, ensure the following prerequisites are met: Internet Connection: Required for downloading packages. PostgreSQL RPM Packages: Necessary for installation. Free Disk Space: Ensure you have more free space than the current database size. Compatibility Checks: Verify PostgreSQL extension compatibility. Crontab Jobs: Identify any cron jobs related to PostgreSQL. Note: Skipping these checks may result in errors during the upgrade process. Install the New PostgreSQL Versio
Read more

Backup Recovery Scenarios

 -----taking full backup (compressed) ------------ RUN {   ALLOCATE CHANNEL ch1 DEVICE TYPE DISK FORMAT '/backup/%U';   ALLOCATE CHANNEL ch2 DEVICE TYPE DISK FORMAT '/backup/%U';   ALLOCATE CHANNEL ch3 DEVICE TYPE DISK FORMAT '/backup/%U';   ALLOCATE CHANNEL ch4 DEVICE TYPE DISK FORMAT '/backup/%U';      BACKUP AS COMPRESSED BACKUPSET DATABASE PLUS ARCHIVELOG;      RELEASE CHANNEL ch1;   RELEASE CHANNEL ch2;   RELEASE CHANNEL ch3;   RELEASE CHANNEL ch4; } ------- some datafiles are missing, full backup available ------- rman target / sql 'startup mount'; list backup of database summary; --Buradaki tag bilgisi alınır ve restore başlatılır. RESTORE DATABASE from tag TAG20240317T180940; RECOVER DATABASE; -- RMAN-06054: media recovery requesting unknown archived log for thread 1 with sequence 126 and starting SCN of 2605758 -- If you get an error like above, run the command below: recover database until sequence 126; alter database open resetlogs; --
Read more