Hi,
thanks for your help. I appreciate the guidance wich brought me back on
track.
On Sun, Jul 27, 2025 at 02:25:27PM -0400, Nick Couchman wrote:
I suspect that the issue is with differences in default password hashing
algorithms between the version you're running and the newer JDBC driver
that is likely included in the new image. I'm having trouble finding the
exact documentation to corroborate this, and my impression was that this
was supposed to be automatically negotiated based on how the user's
password is actually set, but this is my suspicion. Older versions of
Postgres (prior to 15, IIRC), default to "md5" for the password hashing
algorithm, while 15.x and newer have changed to scram-sha-256 as the
default. My guess is that the JDBC driver moved to scram-sha-256 along with
the rest of the Postgres stack, and that's causing the authentication
failure you're seeing.
Yes, that looks like a correct analysis. Thank you.
I took the opportunity to upgrade my Postgres to 17.5 (making a database
dump with 13.x and restoring it under 17.5), and I now have latest
guacamole running against that postgres DB.
This caused a few more issues. First, I still had
./init:/docker-entrypoint-initdb.d:ro
mapped as a volume (probably leftover from the installation) which
caused the new postgres immediately creating a guacamole database, which
in turn made the database import fail (or incomplete - my connections
were there but no users including guacadmin).
It helped to remove that volume from the container definition. Is that
the right way to go? Should I re-enable it?
And then I had to reset the database user's password, probably since the
database dump still had the password as md5.
docker exec -it postgres_guacamole_compose psql -U postgres
ALTER ROLE guacamole_user WITH PASSWORD 'password-from-compose-file';
It looks like I am now up and running again and would appreciate advice
whether what I did was the right thing to do.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
