On 11/22/23 09:03, Atul Kumar wrote:
The entries that I changed were to replace the md5 with scram-sha-256
and remove unnecessary remote IPs.
FYI from:
https://www.postgresql.org/docs/current/auth-password.html
md5
The method md5 uses a custom less secure challenge-response
mechanism. It prevents password sniffing and avoids storing passwords on
the server in plain text but provides no protection if an attacker
manages to steal the password hash from the server. Also, the MD5 hash
algorithm is nowadays no longer considered secure against determined
attacks.
The md5 method cannot be used with the db_user_namespace feature.
To ease transition from the md5 method to the newer SCRAM method,
if md5 is specified as a method in pg_hba.conf but the user's password
on the server is encrypted for SCRAM (see below), then SCRAM-based
authentication will automatically be chosen instead.
But it has nothing to do with connecting the server locally with "psql
-d postgres -U postgres -h localhost"
The error:
no pg_hba.conf entry for host "::1", user "postgres", database "postgres
says it does and the error is correct as you do not have an IPv6 entry
for localhost in pg_hba.conf. At least in the snippet you showed us.
But when I try to connect it locally I get this error. So it is related
When you say connect locally do you mean to localhost or to local(socket)?
to local connections only and when I pass the hostname or ip of the
server it works fine without any issue.
Regards.
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
