66

I am getting an error after moving the project to production. The error is as follows while running with production server

pg_connect(): Unable to connect to PostgreSQL server: SCRAM authentication requires libpq version 10 or above.

Here is my PostgreSQL version:

Development Version :

PostgreSQL 11.5 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-36), 64-bit

Production Version :

PostgreSQL 11.5 (EnterpriseDB Advanced Server 11.5.12) on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-36), 64-bit

Mark Rotteveel
  • 100,966
  • 191
  • 140
  • 197
Alimin
  • 2,287
  • 6
  • 19
  • 31
  • 3
    You probably have an old libpq on your *client* computer –  Jul 09 '20 at 05:42
  • @ a_horse_with_no_name is there duplicate libpq file? – Alimin Jul 09 '20 at 05:45
  • How should we know? The "installed" version refers to the server, not to the client (where your program runs) –  Jul 09 '20 at 05:46
  • I am already check both version between development postgre version and production server by running select version() the result I post in my question.Please read my question carefully you will get both version installed – Alimin Jul 09 '20 at 05:52
  • 2
    You need to check the version on the **client** (where you run your code), not the server –  Jul 09 '20 at 05:57
  • 1
    Production server version:(client where I run the program) PostgreSQL 11.5 (EnterpriseDB Advanced Server 11.5.12) on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-36), 64-bit – Alimin Jul 09 '20 at 06:07
  • Development Server: PostgreSQL 11.5 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-36), 64-bit – Alimin Jul 09 '20 at 06:08
  • sudo amazon-linux-extras enable postgresql10 - this has saved me – mvmn Apr 30 '22 at 23:48

20 Answers20

91

For those on M1-Based macs who are currently seeing this issue in docker - there appears to a bug upstream in libpg that's building against the wrong library version on ARM.

Until it's fixed, a workaround is to (at a performance hit) is to just run it via rosetta.

export DOCKER_DEFAULT_PLATFORM=linux/amd64, and re-build your images.

You'll get the latest version of libpq, and things should Just Work.

Ref: https://github.com/psycopg/psycopg2/issues/1360

antonagestam
  • 4,532
  • 3
  • 32
  • 44
skoczen
  • 1,438
  • 1
  • 12
  • 10
  • 3
    Thanks for this tip. your diagnosis is correct. tho because i use docker-compose i chose to use this answer https://stackoverflow.com/a/69636473/80353 instead – Kim Stacks Dec 31 '21 at 16:01
  • 3
    Good workaround, but I can confirm this now works on native containers, using pyscopg2==2.9.3 as suggested by @ihm in another answer. – thclark Jan 28 '22 at 11:44
  • This works, but tanks performance vs native. doing `sysbench cpu --threads=2 run` native vs in qemu showed a native score of 22,415,068 vs 506 in qemu. `export DOCKER_DEFAULT_PLATFORM=linux/amd64` `docker run -it ubuntu bash` `apt update` `apt install sysbench` `sysbench cpu --threads=2 run` vs `brew install sys bench` `sysbench cpu --threads=2 run` – Ryan McGrath Jul 07 '22 at 18:32
  • 2
    This becomes not only a *performance hit*, but unacceptable if you try running anything more serious than a data base. – One Full Time Equivalent Jul 17 '22 at 19:11
  • What I did was to use aarch64 and just copy right version of libpq while building Dockerfile. Interestingly enough, it works correctly for MacOS M1 version, it does not work for Dockerfile within MacOS M1. `RUN cp \`find /usr/lib/ -name libpq\*.so\` \`find /app -name libpq\*\` ` This works for me and keeps running native on M1. – iceraj Nov 23 '22 at 21:12
  • 1
    You can also downgrade from postgres alpine-14 to alpine-13.3. For me that fixed it :) – Jorrick Sleijster Dec 02 '22 at 21:14
  • This issue was fixed in `psycopg2` version `2.9.6`, so updating to that version should fix it now. :) – Daniel Hawkins Apr 10 '23 at 22:40
48

I ran into this while running a python:3.9 docker image where I had installed psycopg2-binary==2.9.3. Installing psycopg2==2.9.3 instead resolved it for me.

ihm
  • 2,789
  • 1
  • 18
  • 6
47

Your application uses an API that is linked with the PostgreSQL client C library libpq.

The version of that library must be 9.6 or older, and SCRAM authentication was introduced in v10.

Upgrade libpq on the application end and try again.

If you don't need scram-sha-256 authentication, you can revert to md5:

  • set password_encryption = md5 in postgresql.conf
  • change the authentication method to md5 in pg_hba.conf
  • reload PostgreSQL
  • change the password of the user to get an MD5 encrypted password
Laurenz Albe
  • 209,280
  • 17
  • 206
  • 263
  • 4
    do you have link tutorial related your answer to upgrade my library to version 10 ? – Alimin Jul 09 '20 at 06:18
  • 3
    How did you install `libpq` on the client machine? Probably you have to repeat the steps with the new version. – Laurenz Albe Jul 09 '20 at 06:21
  • I think it's installed when instaling HTTPD webserver on linux. – Alimin Jul 09 '20 at 06:46
  • 2
    If it comes from the operating system distribution, perhaps you can upgrade the operating system? It might be easier to install the packages from the PostgreSQL web page though. But then you probably also need a new version of the module that is linke with `libpq`. – Laurenz Albe Jul 09 '20 at 07:07
  • 2
    Or you can revert to `md5`. See my extended answer. – Laurenz Albe Jul 09 '20 at 07:10
  • thank you @Laurenz Albe. my client try to update postgresql with higher version and my problem solved. – Alimin Jul 13 '20 at 03:24
  • can you please tell me or give me a reference to upgrade `libpq` on Windows please? I searched it and not found it. help – alramdein Nov 18 '20 at 10:23
  • because I've change the password encryption to `md5` as you said but still didn't work – alramdein Nov 18 '20 at 10:28
  • 2
    @AlifRamdani You can use the installer from EnterpriseDB, or you can grab `libpq.dll` and its dependent libraries from the ZIP file. – Laurenz Albe Nov 18 '20 at 11:02
  • I my case it was the compiled UMN Mapserver as a Client trying to access the new Postgres. When Upgrading to newer Version the error went away. Thanks @LaurenzAlbe – leole Feb 16 '21 at 14:03
  • Switching from conan package libpq/9.6.19 to libpq/10.14 solved this for me – Timothy John Laird May 26 '22 at 16:17
22

I used to get an error SCRAM authentication requires libpq version 10 or above when running php artisan migrate in laravel 8. Then I fixed it as follows: Change authentication from scram-sha-256 to md5, then reset your password and restart the postgresql-x64-13 service and here are step by step:

  1. Step 1: Find file postgresql.conf in C:\Program Files\PostgreSQL\13\data then set password_encryption = md5
  2. Step 2: Find file pg_hba.conf in C:\Program Files\PostgreSQL\13\data then change all METHOD to md5
  3. Step 3: Open command line (cmd,cmder,git bash...) and run psql -U postgres then enter your password when installed postgres sql
  4. Step 4: Then change your password by run ALTER USER postgres WITH PASSWORD 'new-password' in command line
  5. Final: Restart service postgresql-x64-13 in your Service.
Dharman
  • 30,962
  • 25
  • 85
  • 135
changtraithang10
  • 278
  • 3
  • 4
  • 13
    For step 4, please remember to have ";" at the end of the line. It caused me half a day to figure it out. Successful run will return "ALTER ROLE" in the psql window – Helene Aug 04 '21 at 21:23
  • 1
    Also, I found that depending on different machines, I had to actually use a different password in step 3, and restart my computer instead for step 5 – Helene Aug 04 '21 at 21:47
22

For Amazon linux users:

$ sudo yum install -y amazon-linux-extras

then re install the postgres client again

$ sudo amazon-linux-extras install postgresql10

Then the main part install the python package in my case it was (psycopg2) reinstall it

$ pip3 install --force-reinstall psycopg2==2.9.3

specification: python3.8.9

zabusa
  • 2,520
  • 21
  • 25
7

This issue still affects m1 macs running python:3.10.* docker containers (based off aarch64 Debian 11). Solution for me was to install psycopg2 (build from source) instead of psycopg2-binary which is advised for production anyways:

pip install psycopg2

The python container has all the build dependencies already (like gcc). A more production appropriate container most likely won't have these https://www.psycopg.org/docs/install.html#build-prerequisites

meijsermans
  • 1,891
  • 1
  • 12
  • 4
5

If you want to keep the scram-sha-256 for security. You need to update your client postgreSQL libraries, due to php-pgsql default version does not support it.

CentOS/Rhel/Rocky

yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum install postgresql13

This will update the server/client libpq in order to keep using scram-sha-256

ken
  • 3,650
  • 1
  • 30
  • 43
Andrés Julián
  • 51
  • 1
  • 4
5

Based on answer by @meijsermans, I changed the requirements.txt for django:

#psycopg2-binary>=2.9.3
psycopg2>=2.9.5

and it worked without the SCRAM error!

Also tried with and without platform: linux/arm64 in docker.compose, didn't solve the problem.
Tried platform: linux/amd64 and had some unrelated errors (mainly "exec /bin/sh: exec format error")
Using postgres:14.5 image in postgres container and python:3.10.7 image for django

pwiai
  • 51
  • 1
  • 2
  • This does not really answer the question. If you have a different question, you can ask it by clicking [Ask Question](https://stackoverflow.com/questions/ask). To get notified when this question gets new answers, you can [follow this question](https://meta.stackexchange.com/q/345661). Once you have enough [reputation](https://stackoverflow.com/help/whats-reputation), you can also [add a bounty](https://stackoverflow.com/help/privileges/set-bounties) to draw more attention to this question. - [From Review](/review/late-answers/33444842) – mousetail Dec 21 '22 at 08:22
  • As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Dec 21 '22 at 22:07
3

I find 2 solutions. I didn't try local, solutions are for docker container.

Preliminary information: According to the main image we defined at the beginning of the Dockerfile, our libq versions may differ. It is explained with examples in the answer given here.

If you want to know your libq version used in your docker-image, you can do the following, respectively.

  • After docker-compose run

    docker-compose exec <app_name_in_docker-compose_file> sh

    python

    import psycopg2

    print(psycopg2.extensions.libpq_version())

If you're getting an error, you'll probably see a number like 90xxx here.

Solutions:

  • First basic one. I used 'python:3.9-slim-buster' at docker and I've got error. Change base image name to 'python:3.9.6-alpine3.14'
  • The second solution is to build the psycopg2 file and install libq and other dependencies. For this, add the following commands to the dockerfile.

RUN apt update -y && apt install -y build-essential libpq-dev

RUN pip3 install psycopg2-binary --no-binary psycopg2-binary

koksal
  • 161
  • 4
2

All the answers that are suggesting that password encryption should be reverted back to md5 are forgetting that PostgreSQL changed its default password encryption from md5 to scram-sha-256 for security reasons. The issue then is those client applications that fail to use this modern encryption method. The libpq file that ships with PostgreSQL version 10 and above is fine. Just change your client applications if you can so that you use only the ones that support this new method.

For instance, For a long time I was using a package called RPostgreSQL that allows users to connect to a PostgreSQL database from R. Turns out that package doesn't support scram-sha-256. I have now replaced it with its modern equivalent called rpostgres. Problem solved, everybody happy now!

Faustin Gashakamba
  • 226
  • 1
  • 12
2

The following docker-compose snippet worked for me:

command: postgres -c password_encryption=md5
environment:
  [...]
  POSTGRES_INITDB_ARGS: "--auth-local=md5"
Matthias
  • 21
  • 1
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Mar 18 '23 at 14:41
1

Had this issue and fixed it by switching from the binary version of psycopg2 to psycopg2 = "^2.9.3"

SamAko
  • 3,485
  • 7
  • 41
  • 77
1

Thanks to previous answers, this was resolved in my case too when I switched from psycopg2-binary to psycopg2.

Use pip install psycopg2 in your environment. This resolves the issue for ubuntu based systems.

babis21
  • 1,515
  • 1
  • 16
  • 29
0

Here is a more mundane answer, but this is what happened to me so I'll add it here.

I got this error when I tried to start PostgreSQL 9.4. I realized I already had PostgreSQL 11 running - it started automatically with my computer. Once I stopped version 11, I was able to start version 9.4. They can't listen on a port already in use, and both had the same port set. But I'm not sure exactly why the misleading error wording.

Michael K
  • 1,031
  • 2
  • 14
  • 27
0

Found this problem installing on a ubuntu 22.04 image with python3.10 on Mac M1.
What worked for me was installing the psycopg2 package as root rather than with --user - then the specific user can use the package.

Looks like the --user install puts an incorrectly linked libpq at /home/<user...>/.local/lib/python3.10/site-packages/psycopg2_binary.libs/libpq-d97d8807.so.5.9

If you have another pip install --user process kicking about after this, and it installs psycopg2 again under the .local path, just remove that from .local/lib/python3.x/site-packages/psycopg2*

simonslocombe
  • 221
  • 2
  • 5
0
  1. Use vi (or other editor) to replace scram-sha-256 with md5 in the file postgresql.conf and post_hba.conf ; location of the files depends on your local set up. After this step 1 you may (most likely) continue to have the issue of authentication error. This is bcos the hash of password in DB still uses scram encryption. We will solve in the next few steps.
  2. Restart postgresql server. This command depends on your server setup as well.
  3. Reload DB and verify. Login with postgres id: sudo -u postgres sql

Reload (under the psql console):

SELECT pg_reload_conf();

Check Encryption:

SHOW password_encryption;
SELECT * FROM pg_hba_file_rules();

  1. Reset password for user account (within the psql consol). This step will flush a new hash for the password under md5 to replace the existing scram hash of the user password.

    \password user_id

Then you can run a test of DB connection with psycopg2, as well as sqlalchemy.

This solves my problem in the way i can understand, being aware that md5 is less ideal an encryption method than scram-sha-256 but recompile the package to meet the requirement of psycopg2 is a pain in a**. So i would switch back to md5 first then when the package are all ready then change it to scram encryption.

Reference: PostgreSQL downgrade password encryption from SCRAM to md5

user10701198
  • 1
  • 1
0

I am a php-fpm docker user on Mac OS, neither the plateform env exports nor adding the directive to the dockerfile/docker-compose.yml succeded. On the other hand, switching postgres to md5 was a solution i wished to avoid. Besides, using apt-get inside the container resulted in too many dependency errors. What worked for me was just upgrading php-fpm to the latest version, rebuild the container then apt-get brought a libpq >= 10 version

Actually my dockerfile looks like this:

FROM --platform=linux/amd64 php:7.4-fpm
RUN apt-get update \
    && apt-get install -y \
        librabbitmq-dev \
        libssh-dev \
        libpq-dev  \
...
helvete
  • 2,455
  • 13
  • 33
  • 37
Walik Workshop
  • 1
  • 1
  • 2
0

I noticed using later postgres database docker images - postgres:14.x-alpine I got this error.

If feasible - you can downgrade to an older image that doesn't have these extra protections

version: '3.8'
services:


  db:
    image: postgres:9-alpine
    restart: always
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=postgres
    ports:
      - '5432:5432'
    volumes: 
      - db:/var/lib/postgresql/data
johndpope
  • 5,035
  • 2
  • 41
  • 43
-2

Encountered the same issue and applied @Laurenz Albe's fix but I would get an authentication error on my user for the database, because of encryption strategy change.

So instead of replacing scram-sha-256 with md5, replace it with trust in pg_hba.conf

dzinampini
  • 89
  • 1
  • 5
-2
RUN apt-get -y update \
    && apt-get install -y build-essential gettext libpq-dev\
    && apt-get install -y wkhtmltopdf\
    && apt-get install -y gdal-bin\
    && apt-get install -y libgdal-dev\
    && apt-get install -y --no-install-recommends software-properties-common\
    && apt-add-repository contrib\
    && apt-get update

Try this.

Ersin
  • 1
  • 2
    As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Nov 19 '21 at 16:45