PostgreSQL version:

password_encryption

When a password is specified in sql-createrole or sql-alterrole, this parameter determines the algorithm to use to encrypt the password. The default value is md5, which stores the password as an MD5 hash (on is also accepted, as alias for md5). Setting this parameter to scram-sha-256 will encrypt the password with SCRAM-SHA-256.

Note that older clients might lack support for the SCRAM authentication mechanism, and hence not work with passwords encrypted with SCRAM-SHA-256. See auth-password for more details.

Recommendations

There is no good reason for this to be set to “off”.

Comments