17.2 SCRAM-SHA-256

The method scram-sha-256 performs SCRAM-SHA-256 authentication, as described in RFC 7677. It is a challenge-response scheme that prevents password sniffing on untrusted connections and supports storing passwords on the server in a cryptographically hashed form that is thought to be secure.

  • By default, a freshly installed PostgreSQL uses scram-sha-256 authentication. Hence, no modifications are required.

  • If you are migrating the database to PostgreSQL 13.x from an older version, then perform the following:

NOTE: Ensure that you upgrade the ZENworks Management Zone after performing the following steps.

  1. Modify the method in the pg_hba.conf file for all entries to md5.

  2. Modify the "password_encryption" parameter in the postgresql.conf file to "md5".

  3. Restart the PostgreSQL database services.

  4. Migrate the old data, or restore the old data from backup, along with the users whose passwords are encrypted in "md5".

  5. Connect to PostgreSQL using psql or another SQL client as a superuser (postgres/zenpostgres user) and run the following commands:

    1. alter system set password_encryption = 'scram-sha-256';

    2. select pg_reload_conf();

    3. Run the following command for all database users, including superuser/zenworks/audit, etc.

      ALTER USER <<user_name>> WITH PASSWORD '<<existing (or) new password>>';

    4. To verify that the passwords are encrypted to scram-sha-256, run the following query:

      select usename,passwd from pg_shadow;

    5. Exit

  6. Modify the method in pg_hba.conf file for all entries to scram-sha-256.

  7. Restart the PostgreSQL database services.
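
The verification in step 5.4 matters before pg_hba.conf is switched in step 6: a role whose stored password is still in md5 form cannot authenticate once its entry uses scram-sha-256. The following Python sketch is an added example, not part of the ZENworks or PostgreSQL documentation; it classifies the passwd values returned by the pg_shadow query and lists the roles that still need ALTER USER. The role names, password and salt are constructed sample data, and it assumes ASCII passwords (no SASLprep normalization is applied).

```python
import base64
import hashlib
import hmac
import re

# Stored password formats found in pg_shadow.passwd:
#   md5   : "md5" + hex(md5(password + username))
#   SCRAM : SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey> (base64 fields)
B64 = r"[A-Za-z0-9+/]+=*"
SCRAM_RE = re.compile(rf"^SCRAM-SHA-256\$(\d+):({B64})\$({B64}):({B64})$")
MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")

def b64(raw):
    return base64.b64encode(raw).decode()

def scram_verifier(password, salt, iterations=4096):
    """Build a SCRAM-SHA-256 verifier (RFC 5802 / RFC 7677 key derivation)."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"

def md5_verifier(password, username):
    """Build the legacy md5 form, which is salted only with the user name."""
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()

def classify(passwd):
    """Return the storage format of one pg_shadow.passwd value."""
    if passwd is None:
        return "no-password"
    if MD5_RE.match(passwd):
        return "md5"
    if SCRAM_RE.match(passwd):
        return "scram-sha-256"
    return "unknown"

def roles_blocking_switch(rows):
    """Roles that have a password not yet stored as SCRAM (reset before step 6)."""
    return [name for name, passwd in rows
            if classify(passwd) not in ("scram-sha-256", "no-password")]

# Constructed sample rows standing in for: select usename,passwd from pg_shadow;
SAMPLE_ROWS = [
    ("zenpostgres", scram_verifier("example-pass", b"constructed-salt")),
    ("zenworks", md5_verifier("example-pass", "zenworks")),  # not yet re-set
    ("audit", None),                                         # no password stored
]

if __name__ == "__main__":
    print(roles_blocking_switch(SAMPLE_ROWS))
```

An empty list from roles_blocking_switch means every role with a password is stored as scram-sha-256 and steps 6 and 7 can proceed.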