Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1swPnu-003gMM-61 for pgsql-admin@arkaria.postgresql.org; Thu, 03 Oct 2024 17:39:54 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1swPnt-001Ej7-Gl for pgsql-admin@arkaria.postgresql.org; Thu, 03 Oct 2024 17:39:53 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1swPnt-001Eip-4T for pgsql-admin@lists.postgresql.org; Thu, 03 Oct 2024 17:39:53 +0000 Received: from mail-oo1-xc2a.google.com ([2607:f8b0:4864:20::c2a]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1swPno-002NlH-La for pgsql-admin@lists.postgresql.org; Thu, 03 Oct 2024 17:39:52 +0000 Received: by mail-oo1-xc2a.google.com with SMTP id 006d021491bc7-5e56759e6d7so696879eaf.3 for ; Thu, 03 Oct 2024 10:39:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1727977188; x=1728581988; darn=lists.postgresql.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=bRgEnVNXQgjAGm3cqe0fJ4l6l9e98m90yfqVkQpxSxs=; b=Z9hc+J9gro/5ATRfqFXwLUnlfiiuHQ4c7xcvtTqyPVAQ+6ZuwQ/tk67JQv6uuMTZZb Iud+XUFoJ6Tw3mUTQ2XRcVGOohyveOo++ldg+uw1pJJRS88OEd0rLprVtZHLRjU26Ojg rW7LzvxJM/+8qV2qMmEjTh9kv/x62hySnpxXCXJ+hLpjUd9kOh+zD+iEkjgBn0Gzg8zF ai7rVUD75uaV3uHlea+XUjRsWRX70wfjCte+xqmI0l8jzUUj46F8dYFI3R8Svgx2apYc XtMzwx1EREQVDOJAex5YXegJFUZ/L0Uza7NHY7gi/9auESHHNgF/VMT1sqo8dGEt+XP1 uRFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727977188; x=1728581988; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=bRgEnVNXQgjAGm3cqe0fJ4l6l9e98m90yfqVkQpxSxs=; b=u8Gg8+6ydTITA2WvN6HiuHidn9dR/VTV68YKXTOHqEGhlgY1jcj0omNyYBihLGslFX PmV5yr6zfl5+5e1ZyaMRlS+ZX9532MsYQo6g525pAs0ZkowtwE7O8o5s+uMrQNKUIIfy LQ9n5/HFif91pnLQ7emTZ3EkOxRwFdeEI8pCFJwFJnqWy8dglg/0mLc7oQLNPWqySN5g i+F9EOQ/j8OQTrpw18CY2rzJ3OvIP6LXTW2jjjcwZ2RqmhPJrOgLjALUeKwx3BwgJ4iW UnNmaeA1S2EBJqCSPrGQ81oBIU4G3rem+CChy0ZQyZNnMM2VTlhH7eoh8NPgwEQM5Z0e KX9Q== X-Gm-Message-State: AOJu0YzkGYvUaJmMUwF7nQdJCFveP4urrLk/NwmpwX5y2qpAUtPFgw1q p7NUKueKQ9EjV64QoXGCCApoH+zz/ivBsKvrIAaFUe3t8vtaZqL+pD7nhODXdKqBMewdM1z0K06 uT4ykwoEnGuO3IChDripfnx3S3e3FnQ== X-Google-Smtp-Source: AGHT+IESfKo//gumB8qKPtNGd429NZpfC5/uS9lw+He7LiK1z9heqz4Fg6DBmfnp2AG1DkG4ORSr76gBvABFBWZ+G6w= X-Received: by 2002:a05:6871:8a9:b0:27b:61df:2160 with SMTP id 586e51a60fabf-287c1fbbd98mr207632fac.31.1727977188215; Thu, 03 Oct 2024 10:39:48 -0700 (PDT) MIME-Version: 1.0 References: <3b111b08b49a9ba4ccc70f3638a366ad721eea6e.camel@cybertec.at> In-Reply-To: <3b111b08b49a9ba4ccc70f3638a366ad721eea6e.camel@cybertec.at> From: Ron Johnson Date: Thu, 3 Oct 2024 13:39:37 -0400 Message-ID: Subject: Re: Can't log in after password change To: Pgsql-admin Content-Type: multipart/alternative; boundary="0000000000007bd2fb0623960a72" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --0000000000007bd2fb0623960a72 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Oct 3, 2024 at 1:34=E2=80=AFPM Laurenz Albe wrote: > On Thu, 2024-10-03 at 13:21 -0400, Ron Johnson wrote: > > PG 14.13 > > > > Changed a user's expired password from user "postgres", and now that > user can't log in. > > > > I know it's something simple, but I just can't see it. > > > > Linux server: > > > > $ ssh -q FISPCDSPGS401A grep 11026270 '$PGDATA'/pg_hba.conf > > host all 11026270 10.176.64.0/22 > scram-sha-256 > > > > $ psql -h FISPCDSPGS401A > > keyword | value > > ----------+--------------- > > database | postgres > > user | postgres > > host | 10.143.170.55 > > port | 5432 > > (4 rows) > > > > psql (16.4, server 14.13) > > Type "help" for help. > > > > postgres=3D# ALTER ROLE "11026270" WITH PASSWORD 'blarge'; > > ALTER ROLE > > postgres=3D# select rolpassword from pg_authid where rolname=3D'1102627= 0'; > > > rolpassword > > > -------------------------------------------------------------------------= -------------------------------------------------------------- > > > SCRAM-SHA-256$4096:x551tt4biKIvossG7VwbjA=3D=3D$syOJXKLOFZ8/LHUxHq8rE5q5= dCEDNzB5wgOAHq1vmdI=3D:q670pqidak6v8YjP9KCCWrRmfkkJSvyf/AL0Ydg1k/o=3D > > (1 row) > > > > Windows server: > > > > C:\Users\11026270>psql -h FISPCDSPGS401A postgres > > Password for user 11026270: > > psql: error: connection to server at "FISPCDSPGS401A" (10.143.170.55), > port 5432 failed: FATAL: password authentication failed for user "110262= 70" > > Did you look at the error message in the server log? > What does it say? > Expired password. I guess I assumed that the ALTER ROLE would nullify it. And that psql would mention it. --=20 Death to , and butter sauce. Don't boil me, I'm still alive. crustacean! --0000000000007bd2fb0623960a72 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
On Thu, Oct 3, 2024 at 1:34=E2=80=AFPM La= urenz Albe <laurenz.albe@cyb= ertec.at> wrote:
On Thu, 2024-10-03 at 13:21 -0400, Ron J= ohnson wrote:
> PG 14.13
>
> Changed a user's expired password from user "postgres", = and now that user can't log in.
>
> I know it's something simple, but I just can't see it.
>
> Linux server:
>
> $ ssh -q FISPCDSPGS401A grep 11026270 '$PGDATA'/pg_hba.conf > host =C2=A0 =C2=A0all =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 110262= 70 =C2=A0 =C2=A0 =C2=A0 =C2=A010.176.64.0/22 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0scram-sha-256
>
> $ psql -h FISPCDSPGS401A
> =C2=A0keyword =C2=A0| =C2=A0 =C2=A0 value =C2=A0 =C2=A0
> ----------+---------------
> =C2=A0database | postgres
> =C2=A0user =C2=A0 =C2=A0 | postgres
> =C2=A0host =C2=A0 =C2=A0 | 10.143.170.55
> =C2=A0port =C2=A0 =C2=A0 | 5432
> (4 rows)
>
> psql (16.4, server 14.13)
> Type "help" for help.
>
> postgres=3D# ALTER ROLE "11026270" WITH PASSWORD 'blarge= ';
> ALTER ROLE
> postgres=3D# select rolpassword from pg_authid where rolname=3D'11= 026270';
> =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 r= olpassword =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0
> ----------------------------------------------------------------------= -----------------------------------------------------------------
> =C2=A0SCRAM-SHA-256$4096:x551tt4biKIvossG7VwbjA=3D=3D$syOJXKLOFZ8/LHUx= Hq8rE5q5dCEDNzB5wgOAHq1vmdI=3D:q670pqidak6v8YjP9KCCWrRmfkkJSvyf/AL0Ydg1k/o= =3D
> (1 row)
>
> Windows server:
>
> C:\Users\11026270>psql -h FISPCDSPGS401A postgres
> Password for user 11026270:
> psql: error: connection to server at "FISPCDSPGS401A" (10.14= 3.170.55), port 5432 failed: FATAL: =C2=A0password authentication failed fo= r user "11026270"

Did you look at the error message in the server log?
What does it say?

Expired password.=C2= =A0 I guess I assumed that the ALTER=C2=A0ROLE would nullify it.=C2=A0 And = that psql would mention it.

--
=
Death to <Redacted>, and butter sauce.
Don't= boil me, I'm still alive.
<Redacted> crustacean!
--0000000000007bd2fb0623960a72--