{"id":16766,"date":"2021-11-03T12:59:08","date_gmt":"2021-11-03T11:59:08","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/"},"modified":"2024-11-08T15:41:36","modified_gmt":"2024-11-08T14:41:36","slug":"postgresql-flexible-server-on-azure-scram-sha-256-workaround","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/","title":{"rendered":"PostgreSQL Flexible Server on Azure, scram-sha-256 workaround"},"content":{"rendered":"

Microsofts old Single Server for PostgreSQL on Azure offers password encryption md5 only, normaly IT Governance responsible people getting nervous by that.
\nOn the new Flexible Server for PostgreSQL on AZure md5 is still the default setting, but a workaround makes scram-sha-256 posssible to use.<\/p>\n

Since PostgreSQL 10 it is possible to switch from md5 to scram-sha-256, by using community packages scram-sha-256 is the default setting since PostgreSQL 13.<\/p>\n

Within this small block i will descibe how to switch over to scram-sha-256 using Microsofts Flexible Server for PostgreSQL on Azure.<\/p>\n

The Flexible Server has two parameters for the configuration of the password encryption.<\/strong><\/p>\n

azure.accepted_password_auth_method<\/strong><\/p>\n

\nshow azure.accepted_password_auth_method;\nazure.accepted_password_auth_method    md5\n<\/pre>\n
password_encryption<\/strong><\/p>\n
\nshow password_encryption;\npassword_encryption    md5\n<\/pre>\n
The azure.accepted_password_auth_method parameter is auth_method within pg_hba.conf.<\/strong>
\nThe password_encryption is one to one the parameter from postgresql.conf.<\/strong><\/p>\n
Swichting to scram-sha-256 need three steps:<\/strong><\/p>\n
First switch password_encryption to scram-sha-256, keep azure.accepted_password_auth_method on md5:<\/strong><\/p>\n
azure.accepted_password_auth_method<\/strong><\/p>\n
\nshow azure.accepted_password_auth_method;\nazure.accepted_password_auth_method    md5\n<\/pre>\n
password_encryption<\/strong><\/p>\n
\nshow password_encryption;\npassword_encryption    scram-sha-256\n<\/pre>\n
Second renew all user passwords to be rehashed with scram-sha-256!<\/strong><\/p>\n
Third switch azure.accepted_password_auth_metho to scram-sha-256:<\/strong><\/p>\n
azure.accepted_password_auth_method<\/strong><\/p>\n
\nshow azure.accepted_password_auth_method;\nazure.accepted_password_auth_method    scram-sha-256\n<\/pre>\n
password_encryption<\/strong><\/p>\n
\nshow password_encryption;\npassword_encryption    scram-sha-256\n<\/pre>\n
These order is critical, not following means loosing all connectivity to the database including the admin user defined within the Azure portal.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"
Microsofts old Single Server for PostgreSQL on Azure offers password encryption md5 only, normaly IT Governance responsible people getting nervous by that. On the new Flexible Server for PostgreSQL on AZure md5 is still the default setting, but a workaround makes scram-sha-256 posssible to use. Since PostgreSQL 10 it is possible to switch from md5 […]<\/p>\n","protected":false},"author":28,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[955,229,83],"tags":[1338,2602],"type_dbi":[],"class_list":["post-16766","post","type-post","status-publish","format-standard","hentry","category-cloud","category-database-administration-monitoring","category-postgresql","tag-azure","tag-postgresql-2"],"acf":[],"yoast_head":"\nPostgreSQL Flexible Server on Azure, scram-sha-256 workaround - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PostgreSQL Flexible Server on Azure, scram-sha-256 workaround\" \/>\n<meta property=\"og:description\" content=\"Microsofts old Single Server for PostgreSQL on Azure offers password encryption md5 only, normaly IT Governance responsible people getting nervous by that. On the new Flexible Server for PostgreSQL on AZure md5 is still the default setting, but a workaround makes scram-sha-256 posssible to use. Since PostgreSQL 10 it is possible to switch from md5 […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-03T11:59:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-11-08T14:41:36+00:00\" \/>\n<meta name=\"author\" content=\"Open source Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Open source Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\\\/\"},\"author\":{\"name\":\"Open source Team\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/59554f0d99383431eb6ed427e338952b\"},\"headline\":\"PostgreSQL Flexible Server on Azure, scram-sha-256 workaround\",\"datePublished\":\"2021-11-03T11:59:08+00:00\",\"dateModified\":\"2024-11-08T14:41:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\\\/\"},\"wordCount\":216,\"commentCount\":0,\"keywords\":[\"Azure\",\"postgresql\"],\"articleSection\":[\"Cloud\",\"Database Administration & Monitoring\",\"PostgreSQL\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\\\/\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\\\/\",\"name\":\"PostgreSQL Flexible Server on Azure, scram-sha-256 workaround - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\"},\"datePublished\":\"2021-11-03T11:59:08+00:00\",\"dateModified\":\"2024-11-08T14:41:36+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/59554f0d99383431eb6ed427e338952b\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PostgreSQL Flexible Server on Azure, scram-sha-256 workaround\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/#\\\/schema\\\/person\\\/59554f0d99383431eb6ed427e338952b\",\"name\":\"Open source Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/eb4fb12e386e8c41fdef0733e8114594cf2653e4f55e9fa2161442b8eaf3f657?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/eb4fb12e386e8c41fdef0733e8114594cf2653e4f55e9fa2161442b8eaf3f657?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/eb4fb12e386e8c41fdef0733e8114594cf2653e4f55e9fa2161442b8eaf3f657?s=96&d=mm&r=g\",\"caption\":\"Open source Team\"},\"url\":\"https:\\\/\\\/www.dbi-services.com\\\/blog\\\/author\\\/open-source-team\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"PostgreSQL Flexible Server on Azure, scram-sha-256 workaround - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/","og_locale":"en_US","og_type":"article","og_title":"PostgreSQL Flexible Server on Azure, scram-sha-256 workaround","og_description":"Microsofts old Single Server for PostgreSQL on Azure offers password encryption md5 only, normaly IT Governance responsible people getting nervous by that. On the new Flexible Server for PostgreSQL on AZure md5 is still the default setting, but a workaround makes scram-sha-256 posssible to use. Since PostgreSQL 10 it is possible to switch from md5 […]","og_url":"https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/","og_site_name":"dbi Blog","article_published_time":"2021-11-03T11:59:08+00:00","article_modified_time":"2024-11-08T14:41:36+00:00","author":"Open source Team","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Open source Team","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/"},"author":{"name":"Open source Team","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/59554f0d99383431eb6ed427e338952b"},"headline":"PostgreSQL Flexible Server on Azure, scram-sha-256 workaround","datePublished":"2021-11-03T11:59:08+00:00","dateModified":"2024-11-08T14:41:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/"},"wordCount":216,"commentCount":0,"keywords":["Azure","postgresql"],"articleSection":["Cloud","Database Administration & Monitoring","PostgreSQL"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/","url":"https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/","name":"PostgreSQL Flexible Server on Azure, scram-sha-256 workaround - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"datePublished":"2021-11-03T11:59:08+00:00","dateModified":"2024-11-08T14:41:36+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/59554f0d99383431eb6ed427e338952b"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/postgresql-flexible-server-on-azure-scram-sha-256-workaround\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"PostgreSQL Flexible Server on Azure, scram-sha-256 workaround"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/59554f0d99383431eb6ed427e338952b","name":"Open source Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/eb4fb12e386e8c41fdef0733e8114594cf2653e4f55e9fa2161442b8eaf3f657?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/eb4fb12e386e8c41fdef0733e8114594cf2653e4f55e9fa2161442b8eaf3f657?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/eb4fb12e386e8c41fdef0733e8114594cf2653e4f55e9fa2161442b8eaf3f657?s=96&d=mm&r=g","caption":"Open source Team"},"url":"https:\/\/www.dbi-services.com\/blog\/author\/open-source-team\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/16766","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/28"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=16766"}],"version-history":[{"count":1,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/16766\/revisions"}],"predecessor-version":[{"id":35676,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/16766\/revisions\/35676"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=16766"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=16766"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=16766"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=16766"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}