Skip to content

Commit

Permalink
fix scram-sha-256 password encryption for pg >= 14
Browse files Browse the repository at this point in the history
  • Loading branch information
Laurent Lavaud committed Nov 24, 2023
1 parent d3ed99d commit c4cc542
Show file tree
Hide file tree
Showing 2 changed files with 1 addition and 2 deletions.
2 changes: 1 addition & 1 deletion defaults/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ postgresql_client_connection_check_interval: 0 # (>= 14)
# - Authentication -

postgresql_authentication_timeout: 60s
postgresql_password_encryption: "{{ 'md5' if postgresql_version is version_compare('10', '>=') else 'on' }}" # (>=10.0 set to scram-sha-256 for best security)
postgresql_password_encryption: "{{ 'scram-sha-256' if postgresql_version is version_compare('14', '>=') else 'md5' }}" # (>=14.0 set to scram-sha-256 for best security)
postgresql_db_user_namespace: off

# GSSAPI using Kerberos
Expand Down
1 change: 0 additions & 1 deletion vars/postgresql_14.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
---
# PostgreSQL vars for v14
postgresql_client_connection_check_interval: 60
postgresql_password_encryption: md5

0 comments on commit c4cc542

Please sign in to comment.