On Sat, Aug 2, 2025 at 6:33 AM Marc Haber <[email protected]> wrote:
> Hi,
>
> thanks for your help. I appreciate the guidance which brought me back on
> track.
>
> On Sun, Jul 27, 2025 at 02:25:27PM -0400, Nick Couchman wrote:
> >I suspect that the issue is with differences in default password hashing
> >algorithms between the version you're running and the newer JDBC driver
> >that is likely included in the new image. I'm having trouble finding the
> >exact documentation to corroborate this, and my impression was that this
> >was supposed to be automatically negotiated based on how the user's
> >password is actually set, but this is my suspicion. Older versions of
> >Postgres (prior to 15, IIRC), default to "md5" for the password hashing
> >algorithm, while 15.x and newer have changed to scram-sha-256 as the
> >default. My guess is that the JDBC driver moved to scram-sha-256 along with
> >the rest of the Postgres stack, and that's causing the authentication
> >failure you're seeing.
>
> Yes, that looks like a correct analysis. Thank you.
>
> I took the opportunity to upgrade my Postgres to 17.5 (making a database
> dump with 13.x and restoring it under 17.5), and I now have latest
> guacamole running against that postgres DB.
>

Thanks for responding and confirming this.

> This caused a few more issues. First, I still had
> ./init:/docker-entrypoint-initdb.d:ro
> mapped as a volume (probably leftover from the installation) which
> caused the new postgres immediately creating a guacamole database, which
> in turn made the database import fail (or incomplete - my connections
> were there but no users including guacadmin).
>
> It helped to remove that volume from the container definition. Is that
> the right way to go? Should I re-enable it?
>

As long as your database is already initialized, or if you're planning to re-import the database, there's no need to keep that volume enabled - it only ever gets used the first time the DB starts up.

> And then I had to reset the database user's password, probably since the
> database dump still had the password as md5.
>
> docker exec -it postgres_guacamole_compose psql -U postgres
> ALTER ROLE guacamole_user WITH PASSWORD 'password-from-compose-file';
>
> It looks like I am now up and running again and would appreciate advice
> whether what I did was the right thing to do.
>

Glad to hear it!

-Nick
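
An added example, not part of the thread above: a Python check that classifies `pg_authid.rolpassword` values by their stored format, so that after a dump and restore like the one described you can list the roles still carrying an md5 verifier and reset them with `ALTER ROLE ... WITH PASSWORD`. The function names, the `postgres` and `reporting` sample rows, the password and the salt are constructed for illustration.

```python
import base64, hashlib, hmac, re

MD5_RE = re.compile(r"md5[0-9a-f]{32}")
SCRAM_RE = re.compile(r"SCRAM-SHA-256\$(\d+):([A-Za-z0-9+/=]+)\$([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)")

def md5_verifier(role, password):
    # Legacy stored format: "md5" + hex(md5(password + role name)).
    return "md5" + hashlib.md5((password + role).encode()).hexdigest()

def scram_verifier(password, salt, iterations=4096):
    # Stored format: SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>
    # (keys derived as in RFC 5802). ASCII passwords only: no SASLprep here.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    enc = lambda raw: base64.b64encode(raw).decode()
    return f"SCRAM-SHA-256${iterations}:{enc(salt)}${enc(stored_key)}:{enc(server_key)}"

def classify(rolpassword):
    # Returns "none", "md5", "scram-sha-256" or "unknown" for one stored value.
    if rolpassword is None:
        return "none"
    if MD5_RE.fullmatch(rolpassword):
        return "md5"
    match = SCRAM_RE.fullmatch(rolpassword)
    if match:
        try:
            _salt, stored, server = (base64.b64decode(p, validate=True) for p in match.groups()[1:])
        except ValueError:  # malformed base64 in one of the fields
            return "unknown"
        if int(match.group(1)) > 0 and len(stored) == len(server) == 32:
            return "scram-sha-256"
    return "unknown"

def roles_needing_reset(rows):
    # rows: (rolname, rolpassword) pairs for login roles.
    return [name for name, verifier in rows if classify(verifier) == "md5"]

# Constructed sample rows standing in for a query result after a restore.
SAMPLE_ROWS = [
    ("guacamole_user", md5_verifier("guacamole_user", "constructed-example-pw")),
    ("postgres", scram_verifier("constructed-example-pw", b"constructed-salt")),
    ("reporting", None),
]

if __name__ == "__main__":
    for name, verifier in SAMPLE_ROWS:
        print(f"{name:16} {classify(verifier)}")
    print("reset needed:", roles_needing_reset(SAMPLE_ROWS))
```

On a live server the rows would come from `SELECT rolname, rolpassword FROM pg_authid WHERE rolcanlogin;` run as a superuser.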
