Open Extarys opened 2 years ago
Please see https://docs.yugabyte.com/preview/secure/authentication/password-authentication/.
My guess is that when you update the password, it's saved in MD5, then you change the config to scram-sha-256, but the password is hashed as MD5, so it doesn't match.
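One way to check this guess against a running cluster, as an added example that is not part of the original thread: it classifies a stored password verifier and reports whether a given HBA method can authenticate against it. It assumes YSQL keeps PostgreSQL's `rolpassword` formats and HBA semantics (a superuser can read the value with `SELECT rolpassword FROM pg_authid WHERE rolname = 'yugabyte'`); all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import re

# Stored-verifier formats as PostgreSQL writes them to pg_authid.rolpassword.
MD5_RE = re.compile(r"md5[0-9a-f]{32}")
SCRAM_RE = re.compile(r"SCRAM-SHA-256\$(\d+):([A-Za-z0-9+/=]+)\$([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)")

def md5_verifier(user, password):
    # "md5" + hex(md5(password || username))
    return "md5" + hashlib.md5((password + user).encode()).hexdigest()

def scram_verifier(password, salt, iterations=4096):
    # RFC 5802 keys; SASLprep is skipped, which is only valid for ASCII passwords.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    stored = hashlib.sha256(hmac.new(salted, b"Client Key", hashlib.sha256).digest()).digest()
    server = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored)}:{b64(server)}"

def verifier_type(rolpassword):
    if not rolpassword:
        return "none"
    if MD5_RE.fullmatch(rolpassword):
        return "md5"
    if SCRAM_RE.fullmatch(rolpassword):
        return "scram-sha-256"
    return "unknown"

def hba_accepts(hba_method, rolpassword):
    # A scram-sha-256 HBA line needs a SCRAM verifier; md5 and password lines take either kind.
    kind = verifier_type(rolpassword)
    if kind in ("none", "unknown"):
        return False
    return kind == "scram-sha-256" if hba_method == "scram-sha-256" else hba_method in ("md5", "password")

def password_matches(user, password, rolpassword):
    # Recompute the verifier from the typed password, reusing the stored salt and iteration count.
    kind = verifier_type(rolpassword)
    if kind == "md5":
        return hmac.compare_digest(md5_verifier(user, password), rolpassword)
    if kind == "scram-sha-256":
        iterations, salt = SCRAM_RE.fullmatch(rolpassword).group(1, 2)
        return hmac.compare_digest(scram_verifier(password, base64.b64decode(salt), int(iterations)), rolpassword)
    return False

# Constructed sample values: the role and password from the post, and a made-up salt.
OLD = md5_verifier("yugabyte", "bobisawesome")
NEW = scram_verifier("bobisawesome", b"constructed-salt")
```

If `verifier_type` reports `md5` for the role while the HBA line says `scram-sha-256`, the login fails even with the correct password; resetting the password while `password_encryption=scram-sha-256` is in effect rewrites the verifier.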
No, the line --ysql_pg_conf=password_encryption=scram-sha-256 is there as soon as I start the docker container for the first time. I did make that mistake the first time around though! :joy:
The 3 lines I add after I change the password are:
--ysql_enable_auth=true
--ysql_hba_conf_csv=host all all 0.0.0.0/0 scram-sha-256,host all all ::0/0 scram-sha-256
--use_client_to_server_encryption=true
EDIT:
Even the docs suggest the default password is yugabyte when auth is enabled, which I cannot get to work. I could start the server with the above flags and it should still work.
Ref: https://docs.yugabyte.com/preview/secure/authentication/password-authentication/#yugabytedb-database-passwords
Can you try just changing the password without enabling encryption? So doing separate steps.
Jira Link: DB-2541
Description
Every time I set the yugabyte password I get locked out. I'm not sure what is happening - probably my fault though, but I can't seem to put my finger on it. (I also prefer to use master/tserver as opposed to yugabyted to avoid any complication down the road if I want to add servers)
I created a docker compose file with both master and tserver. (Docker compose excerpt down below) I load tserver with the initial config:
Then I restart it and log in and change the yugabyte password: (Where 172.20.0.5 is the IP of the docker container itself, could also try 127.0.0.1)
After that, I update the tserver configuration to use auth by uncommenting the 3 lines, so it looks like this:
Restart the container to make sure the config file was read, try logging in:
docker exec -it yb-tserver-n1 /home/yugabyte/bin/ysqlsh --host=172.20.0.5 --echo-queries -U yugabyte -W
Enter password:bobisawesome (He really is)
ysqlsh: FATAL: password authentication failed for user "yugabyte"
I noticed it worked if I use \password command though, but since I'd like to copy/paste the file containing all the commands I need to make the initial users and schemas, it would be easier. I also destroy my installation by playing with different docker and yb configuration (encryption at rest is a good example on how I broke my last install :smile: ), therefore using \password breaks the flow.
tserver docker options as follows: