-
Notifications
You must be signed in to change notification settings - Fork 819
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to connect to remote postgres 13.1 using scram-sha-256 or md5 but password authentication works #1970
Comments
in order to use scram you need to change the password_encryption to scram-sha-256 in postgresql.conf. Then update the users password. See https://www.postgresql.org/docs/current/auth-password.html |
Password encryption is set to scram-sha-256 in postgresql.conf |
Have you updated your password since then ? I have tried this on my machine and it works fine on v13. |
Nope. I havent. I think I am hitting some edge case or doing something very silly. |
After changing it you need to update the password. See the link i sent
…On Sun., Nov. 29, 2020, 10:47 a.m. Hemil Ruparel, ***@***.***> wrote:
Nope. I havent. I think I am hitting some edge case or doing something
very silly.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#1970 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AADDH5R6W4WOCVJLY4EGPKDSSJUHVANCNFSM4UF5NUCA>
.
|
I haven't upgraded to scram-sha-256. My installation uses scram by default
…On Sun 29 Nov, 2020, 9:21 PM Dave Cramer, ***@***.***> wrote:
After changing it you need to update the password. See the link i sent
On Sun., Nov. 29, 2020, 10:47 a.m. Hemil Ruparel, <
***@***.***>
wrote:
> Nope. I havent. I think I am hitting some edge case or doing something
> very silly.
>
> —
> You are receiving this because you commented.
> Reply to this email directly, view it on GitHub
> <#1970 (comment)>,
or
> unsubscribe
> <
https://github.com/notifications/unsubscribe-auth/AADDH5R6W4WOCVJLY4EGPKDSSJUHVANCNFSM4UF5NUCA
>
> .
>
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1970 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHDTSDX3C6KU6HLBTVDNTBTSSJUYLANCNFSM4UF5NUCA>
.
|
I haven't contributed to open source so far. I think I want to fix this bug myself. Also, I have no choice as I really need to be able to connect to my database using jdbc and you cant reproduce it. Can you point me to resources where I can start with? |
I tested with jdk8. I will try to test with jdk7. In the meantime you can look https://github.com/ongres/scram here as this is where the code comes from |
OK, so this is the server logs when I have an md5 password [unknown] 2020-11-30 08:50:33.704 EST [48536] FATAL: password authentication failed for user "testscram" So it appears you have scram passwords. |
Yes. I do
…On Mon, Nov 30, 2020 at 7:24 PM Dave Cramer ***@***.***> wrote:
OK, so this is the server logs when I have an md5 password
[unknown] 2020-11-30 08:50:33.704 EST [48536] FATAL: password
authentication failed for user "testscram"
[unknown] 2020-11-30 08:50:33.704 EST [48536] DETAIL: User "testscram"
does not have a valid SCRAM secret.
Connection matched pg_hba.conf line 91: "host all all 127.0.0.1/32
scram-sha-256"
So it appears you have scram passwords.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1970 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHDTSDTTOKYAQ63MQKSOJRTSSOPYNANCNFSM4UF5NUCA>
.
|
Ok, I tested this with jdk7 and it works fine. The only thing left is the encoding.
then my connection string is
|
my password has spaces in it (which are legal i guess) if that matters. |
No, you cannot use spaces. That is the problem
Dave Cramer
…On Mon, 30 Nov 2020 at 09:14, Hemil Ruparel ***@***.***> wrote:
my password has spaces in it (which are legal i guess) if that matters.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#1970 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AADDH5RBPA767SDJ5QH3QV3SSOSC3ANCNFSM4UF5NUCA>
.
|
I can connect with passwords password. Seems like jdbc is unable to encode passwords with spaces |
Is there documentation for what characters can and cannot be used in
passwords?
On Mon, Nov 30, 2020 at 7:46 PM Dave Cramer <notifications@github.com>
wrote:
… No, you cannot use spaces. That is the problem
Dave Cramer
On Mon, 30 Nov 2020 at 09:14, Hemil Ruparel ***@***.***>
wrote:
> my password has spaces in it (which are legal i guess) if that matters.
>
> —
> You are receiving this because you commented.
> Reply to this email directly, view it on GitHub
> <#1970 (comment)>,
or
> unsubscribe
> <
https://github.com/notifications/unsubscribe-auth/AADDH5RBPA767SDJ5QH3QV3SSOSC3ANCNFSM4UF5NUCA
>
> .
>
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1970 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHDTSDWVPRRXHMRV3L3S653SSOSNDANCNFSM4UF5NUCA>
.
|
seems it is more complicated than that. Let me dig into this. But for now this is your problem |
As far as I know, passwords with spaces are not explicitly prohibited. I
mean the postgres did not complain. And I can connect using python. So I
guess it is allowed?
I would like to help. Let me know if there is anything I can do to fix it
…On Mon, Nov 30, 2020 at 7:53 PM Dave Cramer ***@***.***> wrote:
seems it is more complicated than that. Let me dig into this. But for now
this is your problem
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1970 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHDTSDVP5X4Y5RWGLBI5KXDSSOTGHANCNFSM4UF5NUCA>
.
|
see https://github.com/MagicStack/asyncpg/blob/master/asyncpg/protocol/scram.pyx#L288 and https://github.com/mongodb/mongo-python-driver/blob/master/pymongo/saslprep.py for how to deal with spaces. I imagine the java implementation is not doing it correctly |
Can you give me two days to find and submit the patch? I want to
contribute. I have never contributed before.
…On Mon, Nov 30, 2020 at 8:51 PM Dave Cramer ***@***.***> wrote:
see
https://github.com/MagicStack/asyncpg/blob/master/asyncpg/protocol/scram.pyx#L288
and
https://github.com/mongodb/mongo-python-driver/blob/master/pymongo/saslprep.py
for how to deal with spaces. I imagine the java implementation is not doing
it correctly
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#1970 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHDTSDSPVXNTG5JMUWDWZVLSSOZ77ANCNFSM4UF5NUCA>
.
|
Have at it,
However the patch will be on the scram implementation.
Thanks!
Dave Cramer
On Mon, 30 Nov 2020 at 10:45, Hemil Ruparel <notifications@github.com>
wrote:
… Can you give me two days to find and submit the patch? I want to
contribute. I have never contributed before.
On Mon, Nov 30, 2020 at 8:51 PM Dave Cramer ***@***.***>
wrote:
> see
>
https://github.com/MagicStack/asyncpg/blob/master/asyncpg/protocol/scram.pyx#L288
> and
>
https://github.com/mongodb/mongo-python-driver/blob/master/pymongo/saslprep.py
> for how to deal with spaces. I imagine the java implementation is not
doing
> it correctly
>
> —
> You are receiving this because you authored the thread.
> Reply to this email directly, view it on GitHub
> <#1970 (comment)>,
or
> unsubscribe
> <
https://github.com/notifications/unsubscribe-auth/AHDTSDSPVXNTG5JMUWDWZVLSSOZ77ANCNFSM4UF5NUCA
>
> .
>
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#1970 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AADDH5WGD7UDAYAO7O2ECH3SSO4YTANCNFSM4UF5NUCA>
.
|
I found the bug. It was in Scram implementation. Here is the pull request. If you know the maintainer, please ask them to accept the merge request. Because I will also have to fork pgjdbc and upgrade its scram implementation to use the fixed version |
will do. Thanks! |
A fix should come in PgJDBC 42.2.19 |
I'm submitting a ...
Describe the issue
I am unable to connect to my remote postgresql database when using md5 or scram-sha-256 on server as authentication method. The password authentication method works fine. One weird thing is that, I am able to connect to the database using psql and python's psycopg2 driver.
Driver Version?
42.2.18
Java Version?
openjdk 11.0.9 2020-10-20
OpenJDK Runtime Environment JBR-11.0.9.11-944.49-jcef (build 11.0.9+11-b944.49)
OpenJDK 64-Bit Server VM JBR-11.0.9.11-944.49-jcef (build 11.0.9+11-b944.49, mixed mode)
OS Version?
Ubuntu 20.04
PostgreSQL Version?
PostgreSQL 13.1
To Reproduce
Steps to reproduce the behaviour:
Expected behaviour
I should be able to connect to the database
Logs
When using scram-sha-256:
Driver log:
When using md5:
Driver log:
Here is the pg_hba.conf:
Please note, the same code works when lines with scram-sha256 and md5 are commented out
The text was updated successfully, but these errors were encountered: