Skip to Content

Configuring the SCRAM-SHA-256 authentication

If you are using an external and non-containerized PostgreSQL database, TrueSight Automation Console uses the default MD5 authentication to communicate with the database. You can change this authentication to SCRAM-SHA-256 before or after installing TrueSight Automation Console with an external and non-containerized PostgreSQL database.

To configure the SCRAM-SHA-256 authentication

Do the following:

  1. Log in to the host where the external database is located.
  2. Backup the following files: postgresql.conf and pg_hba.conf
    Example path:
    • /var/lib/pgsql/12/data/postgresql.conf
    • /var/lib/pgsql/12/data/pg_hba.conf
  3. Update the postgreSQL.conf file:
    1. Navigate to the path where the file is available.
      Example path: /var/lib/pgsql/12/data/postgresql.conf

    2. In a text editor, open the postgresql.conf file, and replace md5 with scram-sha-256.

      #authentication timeout = 1min# 1s-600s
      password encryption = scram-sha-256# md5 or scram-sha-256
      #db_user_namespace = off
    3. Save the changes.
  4. Update the pg_hba.conf file.
    1. Navigate to the path where the file is available.
      Example path: /var/lib/pgsql/12/data/pg_hba.conf

    2. In a text editor, open the pg_hba.conf file, and add the following section:

      To allow all the hosts for incoming connections
      #Accept from anywhere
      hostall all 0.0.0.0/0 scram-sha-256

      or

      To allow only TSAC host and DB host for incoming connections
      #Allows only TSAC and DB host (DB host IP is required even if 127.0.0.1/32 (localhost) is added
      host     all             all             TSAC_HOST_IP/32         scram-sha-256
      host     all             all             DB_HOST_IP/32           scram-sha-256
    3. Save the changes.
  5. Restart the external PostgreSQL database.
  6. Log in to the database as a database user.
  7. Do one of the following:
    • (TrueSight Automation Console is already installed)
      Run the following command to reset the password.

        • ALTER USER tsac_database_user PASSWORD '<password>';
        • ALTER USER postgres PASSWORD '<password>';
    • (TrueSight Automation Console is not installed)
      Modify the password of the PostgreSQL user:
      ALTER USER postgres PASSWORD '<password>';
  8. Run the following command to confirm the authentication changes:
    SELECT rolname, rolpassword FROM "pg_authid";
  9. Do one of the following:
    • Install TrueSight Automation Console. For details, see Installing-the-product-by-using-Stack-Manager.
    • Restart the TrueSight Automation Console application.
      • ./stackmanager stop -deployment=application
      • ./stackmanager start -deployment=application
  10. Launch the TrueSight Automation Console console from the browser.

You can perform similar steps to revert to the MD5 authentication.


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

TrueSight Automation Console 24.2