From: =?iso-8859-2?Q?Domen_=A9etar?= <domen.setar@izum.si>
To: "pgsql-admin@lists.postgresql.org" <pgsql-admin@lists.postgresql.org>
Subject: Unexpected authentication behaviour 
Thread-Topic: Unexpected authentication behaviour 
Thread-Index: Adr4Vc5cAencq2qqQ9CIxgoTYpAAcw==
Date: Tue, 27 Aug 2024 08:00:15 +0000
Message-ID: <cf9da30891024073938cdb23be9efaf5@izum.si>
Accept-Language: sl-SI, en-US
Content-Language: en-US
Content-Type: multipart/related;
	boundary="_004_cf9da30891024073938cdb23be9efaf5izumsi_";
	type="multipart/alternative"
MIME-Version: 1.0
Archived-At: 
 <https://www.postgresql.org/message-id/cf9da30891024073938cdb23be9efaf5%40izum.si>
Precedence: bulk

--_004_cf9da30891024073938cdb23be9efaf5izumsi_
Content-Type: multipart/alternative;
	boundary="_000_cf9da30891024073938cdb23be9efaf5izumsi_"

--_000_cf9da30891024073938cdb23be9efaf5izumsi_
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

Hi Admins,

I have strange issue that I can't explain to myself:

I want to use scram-sha-256 authentication on postgresql 16.
Parameter password_encryption is set to scram-sha-256. I defined a user wit=
h scram-sha-256 encoded password.
My pg_hba.conf have  following  lines:

# TYPE  DATABASE        USER            ADDRESS                 METHOD
local      all                          all                                =
                          peer
host       all                          all                   samenet      =
               md5

Even though there is defined md5 authentication method for remote logins in=
 pg_hba.conf I can make remote login to my postgresql server which is unexp=
ected behaviour of postgresql.
What did I miss?

Best regards!
[izum]

Domen =A9etar
Computer Systems Support
IZUM - Institute of Information Science | Pre=B9ernova ulica 17 | 2000 Mari=
bor | Slovenia
T: +386 2 25 20 339 | M: +386 41 676 342 | www.izum.si<http://www.izum.si/>=
 | domen.setar@izum.si<mailto:domen.setar@izum.si>


--_000_cf9da30891024073938cdb23be9efaf5izumsi_
Content-Type: text/html; charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-=
2">
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:Aptos;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	font-size:12.0pt;
	font-family:"Aptos",sans-serif;
	mso-ligatures:standardcontextual;
	mso-fareast-language:EN-US;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Aptos",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	mso-fareast-language:EN-US;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"SL" link=3D"#467886" vlink=3D"#96607D" style=3D"word-wrap:bre=
ak-word">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">Hi Admins,<o:p></o:=
p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><o:p>&nbsp;</o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">I have strange issu=
e that I can't explain to myself:<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><o:p>&nbsp;</o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">I want to use scram=
-sha-256 authentication on postgresql 16.
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">Parameter password_=
encryption is set to scram-sha-256. I defined a user with scram-sha-256 enc=
oded password.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">My pg_hba.conf have=
 &nbsp;following &nbsp;lines:<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><o:p>&nbsp;</o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"># TYPE&nbsp; DATABA=
SE&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; USER&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ADDRESS&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; METHO=
D<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">local&nbsp;&nbsp; &=
nbsp;&nbsp;&nbsp;all&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; all&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; peer<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">host&nbsp;&nbsp;&nb=
sp; &nbsp;&nbsp;&nbsp;all&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp; all&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;samenet&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;md5<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><o:p>&nbsp;</o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">Even though there i=
s defined md5 authentication method for remote logins in pg_hba.conf I can =
make remote login to my postgresql server which is unexpected behaviour of =
postgresql.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt">What did I miss?<o:=
p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt"><o:p>&nbsp;</o:p></=
span></p>
<p class=3D"MsoNormal" style=3D"margin-bottom:10.0pt;line-height:115%;text-=
autospace:ideograph-other;vertical-align:baseline">
<span style=3D"font-size:11.0pt;line-height:115%;font-family:&quot;Calibri&=
quot;,sans-serif;mso-ligatures:none">Best regards!<o:p></o:p></span></p>
<table class=3D"MsoNormalTable" border=3D"0" cellspacing=3D"0" cellpadding=
=3D"0" width=3D"0" style=3D"border-collapse:collapse">
<tbody>
<tr style=3D"height:58.6pt">
<td width=3D"15" style=3D"width:11.45pt;padding:0cm 0cm 0cm 0cm;height:58.6=
pt">
<p class=3D"MsoNormal" align=3D"center" style=3D"text-align:center"><span s=
tyle=3D"font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:SL"=
><img width=3D"71" height=3D"71" style=3D"width:.7395in;height:.7395in" id=
=3D"Picture_x0020_7" src=3D"cid:image002.jpg@01DAF867.EA158610" alt=3D"izum=
"><span style=3D"mso-ligatures:none"><o:p></o:p></span></span></p>
</td>
<td width=3D"542" style=3D"width:406.75pt;padding:0cm 0cm 0cm 2.85pt;height=
:58.6pt">
<p class=3D"MsoNormal" style=3D"margin-left:1.35pt"><span style=3D"font-fam=
ily:&quot;Calibri&quot;,sans-serif;color:#548DD4;mso-ligatures:none;mso-far=
east-language:SL">Domen =A9etar</span><span style=3D"font-size:14.0pt;font-=
family:&quot;Calibri&quot;,sans-serif;color:#1F497D;mso-ligatures:none;mso-=
fareast-language:SL"><br>
</span><i><span lang=3D"EN-GB" style=3D"font-size:10.0pt;font-family:&quot;=
Calibri&quot;,sans-serif;color:#333333;mso-ligatures:none;mso-fareast-langu=
age:SL">Computer Systems Support</span></i><span style=3D"font-family:&quot=
;Calibri&quot;,sans-serif;color:#1F497D;mso-ligatures:none;mso-fareast-lang=
uage:SL"><br>
</span><span style=3D"font-size:10.0pt;font-family:&quot;Calibri&quot;,sans=
-serif;color:#939598;mso-ligatures:none;mso-fareast-language:SL">IZUM &#821=
1; Institute of Information Science</span><span style=3D"font-size:10.0pt;f=
ont-family:&quot;Calibri&quot;,sans-serif;color:#F57E20;mso-ligatures:none;=
mso-fareast-language:SL">
</span><span style=3D"font-size:10.0pt;font-family:&quot;Calibri&quot;,sans=
-serif;color:#939598;mso-ligatures:none;mso-fareast-language:SL">| Pre=B9er=
nova ulica 17 | 2000 Maribor |</span><span style=3D"font-size:10.0pt;font-f=
amily:&quot;Calibri&quot;,sans-serif;color:#F57E20;mso-ligatures:none;mso-f=
areast-language:SL">
</span><span style=3D"font-size:10.0pt;font-family:&quot;Calibri&quot;,sans=
-serif;color:#939598;mso-ligatures:none;mso-fareast-language:SL">Slovenia</=
span><i><span style=3D"font-size:10.0pt;font-family:&quot;Calibri&quot;,san=
s-serif;color:#333333;mso-ligatures:none;mso-fareast-language:SL"><br>
</span></i><span style=3D"font-size:10.0pt;font-family:&quot;Calibri&quot;,=
sans-serif;color:#939598;mso-ligatures:none;mso-fareast-language:SL">T: =
3;386 2 25 20 339</span><span style=3D"font-size:10.0pt;font-family:&quot;C=
alibri&quot;,sans-serif;color:#F57E20;mso-ligatures:none;mso-fareast-langua=
ge:SL">
</span><span style=3D"font-size:10.0pt;font-family:&quot;Calibri&quot;,sans=
-serif;color:#939598;mso-ligatures:none;mso-fareast-language:SL">| M: &#43;=
386 41 676 342</span><span style=3D"font-size:10.0pt;font-family:&quot;Cali=
bri&quot;,sans-serif;color:#F57E20;mso-ligatures:none;mso-fareast-language:=
SL">
</span><span style=3D"font-size:10.0pt;font-family:&quot;Calibri&quot;,sans=
-serif;color:#939598;mso-ligatures:none;mso-fareast-language:SL">|
</span><span style=3D"font-family:&quot;Times New Roman&quot;,serif;mso-lig=
atures:none;mso-fareast-language:SL"><a href=3D"http://www.izum.si/"><span =
style=3D"font-size:10.0pt;font-family:&quot;Calibri&quot;,sans-serif;color:=
#548DD4">www.izum.si</span></a></span><span style=3D"font-size:10.0pt;font-=
family:&quot;Calibri&quot;,sans-serif;color:#548DD4;mso-ligatures:none;mso-=
fareast-language:SL">
</span><span style=3D"font-size:10.0pt;font-family:&quot;Calibri&quot;,sans=
-serif;color:#939598;mso-ligatures:none;mso-fareast-language:SL">|</span><s=
pan style=3D"font-size:10.0pt;font-family:&quot;Calibri&quot;,sans-serif;co=
lor:#73BD9A;mso-ligatures:none;mso-fareast-language:SL">
</span><span style=3D"font-size:10.0pt;font-family:&quot;Calibri&quot;,sans=
-serif;mso-ligatures:none;mso-fareast-language:SL"><a href=3D"mailto:domen.=
setar@izum.si"><span style=3D"color:blue">domen.setar@izum.si</span></a></s=
pan><span lang=3D"EN-GB" style=3D"font-family:&quot;Calibri&quot;,sans-seri=
f;mso-ligatures:none;mso-fareast-language:SL"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;mso-ligatures:none;m=
so-fareast-language:SL"><o:p>&nbsp;</o:p></span></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
</body>
</html>

--_000_cf9da30891024073938cdb23be9efaf5izumsi_--

--_004_cf9da30891024073938cdb23be9efaf5izumsi_
Content-Type: image/jpeg; name="image002.jpg"
Content-Description: image002.jpg
Content-Disposition: inline; filename="image002.jpg"; size=1318;
	creation-date="Tue, 27 Aug 2024 08:00:15 GMT";
	modification-date="Tue, 27 Aug 2024 08:00:15 GMT"
Content-ID: <image002.jpg@01DAF867.EA158610>
Content-Transfer-Encoding: base64

/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0a
HBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIy
MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCABHAEcDASIA
AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA
AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3
ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEA
AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK
U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3+iii
gArN1OR0vdIVXZVe8ZXAONw8mU4P4gH8K0qwvE2q6ZoqaZfarctbwJeYVwpYbjFIOcc4xn8cVUU2
7ImTsrhqU0qaN4idZXVokk8tg2Cn7hTx6c81uD7o+lcFf+PfBsmmarF/bYb7Wj5VInLDMYTAyME8
frXer90fSnKLjuhRkm9GLRRRUFhRRRQAUUUUAFZev2Oj32lsuuR2z2UbCQm4ICoR0OT06n8zWpXJ
+PNP07VLPSbTVGuBbPqAOLeMuxYQykAgAnHHPB/qLp/EiZ/Czj4brw1f6odK0bwvDr1swMc1zBYR
QtDkdfMwqnrx936mvWx0rjfsNg2lyaZa6tqNlDLG0KD7KIUXcMDnylA6+oNdkOgqqruyKSsLRRRW
RqFFFFABRRRQAVz3i7XZfD9pYXUOmy6g0l2IjDCu6QAxyElR6jb+Wa6Guc8Y3mtWVnp76FFDPeNd
4MMuMSIIpGKg9j8vXIq6avJJkVHaLOavfGer67ZT6VY+DtWjmvI2g827iMccYYbdzHHQZzivRYlZ
YkVm3MFAJ9TXn8vjKDxFoGoJaXVzo2v2MDym0lO1wyrkjBGHHHpkegzXoQ+6PpV1VbS1iaevW4tF
FFYmoUUUUAFFFFABXM+NLvTLG00y51S/ubCOO+UxXMAB2P5cn3gVbKkbh07iumrG1+ysNQfS7XUL
NLqJ7w7UkAKhhDKckEHdxnj1IParhZS1Jnfl0OB8X6v8O/Etg8lxqii+ijJiuIImEuQOn3QDn0P6
V6sv3R9K4/UfDfhhdJ1iQ+HNPH2WJwfLgRWOIw3DbflPOM9sZrsB0FVUlFpKN/mRTi022LRRRWRq
FFFFABRRRQAVmar/AMf+i/8AX63/AKImooprcUtilqv/ACA/E/8A1zk/9J1rfHQUUU3sJbi0UUVJ
QUUUUAf/2Q==

--_004_cf9da30891024073938cdb23be9efaf5izumsi_--