Closed cryptomilk closed 9 months ago
For scram you probably need to send the plaintext to the server.
Setting encrypted: False
should do that, but then it fails to create the user.
if you need a test DB:
initdb --data-checksums --pwprompt --auth=scram-sha-256 --encoding=UTF-8 --locale=C.UTF-8 .
3 2020-09-10 15:18:40.594 CEST postgres postgres [21889]ERROR: UNENCRYPTED PASSWORD is no longer supported at character 45
4 2020-09-10 15:18:40.594 CEST postgres postgres [21889]HINT: Remove UNENCRYPTED to store the password in encrypted form instead.
I think the easiest is to just remove the encrypted stuff as postgres does the right thing for you
Hotfix:
--- modules/postgres.py.orig 2020-09-10 17:44:58.766340926 +0200
+++ modules/postgres.py 2020-09-10 17:45:05.074350846 +0200
@@ -1063,11 +1063,6 @@
'test': bool(connlimit),
'addtxt': six.text_type(connlimit),
'skip': connlimit is None},
- {'flag': 'ENCRYPTED',
- 'test': (encrypted is not None and bool(rolepassword)),
- 'skip': skip_passwd or isinstance(rolepassword, bool),
- 'cond': encrypted,
- 'prefix': 'UN'},
{'flag': 'PASSWORD', 'test': bool(rolepassword),
'skip': skip_passwd,
'addtxt': escaped_password},
Ping!
Knock knock
As mentioned, the SCRAM-SHA-256 for postgres states is already supported in Salt 3006.0.
This issue can be closed. Thanks.
Description of Issue/Question
Creating a postgres user with:
only supports md5 and not scram-sha256! I would expect something like:
Versions Report
(Provided by running
salt --versions-report
. Please also mention any differences in master/minion versions.)