New Jun 8, 2026

PgPool2 & PostgreSQL β€” Bypass SCRAM entirely, use MD5

The Giants All from DEV Community View PgPool2 & PostgreSQL β€” Bypass SCRAM entirely, use MD5 on dev.to

SCRAM + AES decryption is tricky to get right. The fastest working solution is to switch to MD5 in pool_hba.conf

Step 1 β€” Edit pool_hba.conf

sudo nano /etc/pgpool2/pool_hba.conf

Change:

host    all    all    127.0.0.1/32    scram-sha-256

To:

host    all    all    127.0.0.1/32    md5

Step 2 β€” Add md5 password to pool_passwd

# This adds an md5 entry without needing pool_key at all
pg_md5 -m -u postgres StrongPassword123

Step 3 β€” Verify

sudo cat /etc/pgpool2/pool_passwd
# Should show:
# postgres:md5xxxxxxxxxxxxxxxxxxxxxxxx

Step 4 β€” Restart

sudo systemctl restart pgpool2
psql -h 127.0.0.1 -p 9999 -U postgres -d your_db

This avoids the AES key complexity entirely. Share the diagnostic output if you want to keep SCRAM working.

You want to change PostgreSQL itself to use md5 instead of scram-sha-256. Here’s how:

Step 1 β€” Edit pg_hba.conf

# Find the file
sudo find / -name pg_hba.conf 2>/dev/null

Update the pg_hba.conf

sudo nano /etc/postgresql/*/main/pg_hba.conf

Change:

host    all    all    127.0.0.1/32    scram-sha-256

To:

host    all    all    127.0.0.1/32    md5

Step 2 β€” Change the default auth method in postgresql.conf

sudo nano /etc/postgresql/*/main/postgresql.conf

Find and change (it can be commented):

password_encryption = scram-sha-256

To:

password_encryption = md5

Step 3 β€” Reset the postgres password so it’s stored as MD5

sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'StrongPassword123';"

This re-hashes the password using MD5 now that password_encryption is set to md5.

Step 4 β€” Restart PostgreSQL

sudo systemctl restart postgresql

Step 5 β€” Add md5 entry to pgpool pool_passwd

pg_md5 -m -u postgres StrongPassword123
sudo systemctl restart pgpool2

Step 6 β€” Test

psql -h 127.0.0.1 -p 9999 -U postgres -d your_db

This should resolve it completely. Let me know what you get!

The error changed β€” good progress! Now pgpool is connected, but pgpool itself can’t authenticate to the PostgreSQL backend. This means pgpool’s stored password doesn’t match what PostgreSQL expects.

Step 1 β€” Verify PostgreSQL is actually using md5 now

sudo -u postgres psql -c "SELECT usename, passwd FROM pg_shadow WHERE usename='postgres';"

The passwd column should start with md5, not SCRAM-SHA-256. If it still shows SCRAM-SHA-256, the password wasn't re-hashed β€” redo:

sudo -u postgres psql -c "SET password_encryption = 'md5'; ALTER USER postgres WITH PASSWORD 'StrongPassword123';"

Step 2 β€” Rebuild pool_passwd cleanly

# Clear old entries
sudo truncate -s 0 /etc/pgpool2/pool_passwd

# Add fresh md5 entry
pg_md5 -m -u postgres StrongPassword123# Verify
sudo cat /etc/pgpool2/pool_passwd
# Must show: postgres:md5xxxxxxxxxxxxxxxx

Step 3 β€” Make sure pool_hba.conf uses MD5

sudo cat /etc/pgpool2/pool_hba.conf | grep -v "^#" | grep -v "^$"

Should showmd5, not scram-sha-256:

host             all            all          127.0.0.1/32            md5

Step 4 β€” Restart both services in order

sudo systemctl restart postgresql
sudo systemctl restart pgpool2

Step 5 β€” Test

psql -h 127.0.0.1 -p 9999 -U postgres -d testdb
Scroll to top