Skip to content

auth_query: scram-sha-256 #770

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
pa5hgan opened this issue Mar 19, 2025 · 0 comments
Open

auth_query: scram-sha-256 #770

pa5hgan opened this issue Mar 19, 2025 · 0 comments

Comments

@pa5hgan
Copy link

pa5hgan commented Mar 19, 2025

Hello,
I am trying to configure authentication "scram-sha-256" type for odyssey-1.3, using this configuration (psql and odyssey are on same host):

psql:
password_encryption: scram-sha-256 #all psql users are created using this type of hash

hba:
- local all postgres peer
- local all all scram-sha-256
- host all all 127.0.0.1/32 scram-sha-256
- host all all ::1/128 scram-sha-256

created user by local command: psql -p 8432 -c "CREATE USER test WITH PASSWORD 'testpasswd'"

database "postgres" {
user "lookup" {
authentication "scram-sha-256"
password "<plaintext lookup password>"
pool_routing "internal"
storage "server"
..
}
}

database default {
user default {
authentication "scram-sha-256"
auth_query "SELECT usename, passwd FROM pg_shadow WHERE usename=$1"
auth_query_user "lookup"
auth_query_db "postgres"
storage "server"
..
}
}

Executing request:
psql -d 'postgresql://test:[email protected]:8433/postgres?sslmode=require' -c 'select 1' gives me the error:

exit_status=2, stdout=None, stderr=b'psql: error: connection to server at "127.0.0.1", port 8433 failed: FATAL: odyssey: c88b07f174aaf: failed to connect to remote server sad0d5d74d522\n'

odyssey logs:
8837 2025-03-19T13:16:47Z debug [cc5c70d0e0def none] (auth) PasswordMessage
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (auth_query) attached to server s30ca681cbfd5
8837 2025-03-19T13:16:47Z debug [none s30ca681cbfd5] (startup) startup server connection with user lookup & database postgres
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: Authentication
8837 2025-03-19T13:16:47Z debug [none s30ca681cbfd5] (auth) recieved msg type 10
8837 2025-03-19T13:16:47Z debug [none s30ca681cbfd5] (auth) requested SASL authentication
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: Authentication
8837 2025-03-19T13:16:47Z debug [none s30ca681cbfd5] (auth) recieved msg type 11
8837 2025-03-19T13:16:47Z debug [none s30ca681cbfd5] (auth) continue SASL authentication using password <plaintext lookup password>
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: Authentication
8837 2025-03-19T13:16:47Z debug [none s30ca681cbfd5] (auth) recieved msg type 12
8837 2025-03-19T13:16:47Z debug [none s30ca681cbfd5] (auth) finishing SASL authentication
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: Authentication
8837 2025-03-19T13:16:47Z debug [none s30ca681cbfd5] (auth) recieved msg type 0
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ParameterStatus
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ParameterStatus
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ParameterStatus
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ParameterStatus
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ParameterStatus
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ParameterStatus
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ParameterStatus
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ParameterStatus
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ParameterStatus
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ParameterStatus
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ParameterStatus
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ParameterStatus
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ParameterStatus
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ParameterStatus
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: BackendKeyData
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (startup) received packet type: ReadyForQuery
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (auth_query) SELECT usename, passwd FROM pg_shadow WHERE usename=
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (auth_query) ParseComplete
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (auth_query) BindComplete
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (auth_query) RowDescription
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (auth_query) DataRow
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (auth_query) CommandComplete
8837 2025-03-19T13:16:47Z debug [ica4e1321bbed4 s30ca681cbfd5] (auth_query) ReadyForQuery
8837 2025-03-19T13:16:47Z debug [cc5c70d0e0def none] (auth) PasswordMessage
8837 2025-03-19T13:16:47Z info [cc5c70d0e0def none] (auth) ip '127.0.0.1' user '(unknown database).(unknown user)': host based authentication allowed
8837 2025-03-19T13:16:47Z debug [cc5c70d0e0def s6652b924d00e] (setup) client cc5c70d0e attached to s6652b924
8837 2025-03-19T13:16:47Z debug [none s6652b924d00e] (startup) startup server connection with user test & database postgres
8837 2025-03-19T13:16:47Z debug [cc5c70d0e0def s6652b924d00e] (startup) received packet type: Authentication
8837 2025-03-19T13:16:47Z debug [none s6652b924d00e] (auth) recieved msg type 10
8837 2025-03-19T13:16:47Z debug [none s6652b924d00e] (auth) requested SASL authentication
8837 2025-03-19T13:16:47Z debug [cc5c70d0e0def s6652b924d00e] (startup) received packet type: Authentication
8837 2025-03-19T13:16:47Z debug [none s6652b924d00e] (auth) recieved msg type 11
8837 2025-03-19T13:16:47Z error [none s6652b924d00e] (auth) cannot authenticate with SCRAM secret from auth_query

Using md5 authentication type works ok. Can anyone explain why scram-sha-256 doesn't work for me?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pa5hgan