Installation Note 69262: Upgrading the SAS® Viya® 3.5 SAS® Infrastructure Data Server to PostgreSQL 11 requires SCRAM-SHA-256 Authentication
Severity: Medium
Description: In SAS Viya 3.5, the default database (PostgreSQL) for the SAS Infrastructure Data Server uses MD5 authentication. Applying the latest fixes for SAS Viya 3.5 allows users to upgrade the PostgreSQL database to version 11.x by running the sas-pgupgrade-cli utility.
If the PostgreSQL database is upgraded, the SAS Viya 3.5 playbook (site.yml) must be run again to reconfigure the authentication method. After a successful playbook run, the database and all the current user passwords in the database are converted to use SCRAM-SHA-256.
Multi-tenant deployments require extra steps to complete the user password updates. Instructions for updating these passwords can be found in Upgrade Tenant Database User Passwords to the scram-sha-256 Encryption Standard.
For complete instructions to upgrade the database and passwords in SAS Viya 3.5, see Upgrading PostgreSQL in SAS Viya.
Potential Impact: Switching from MD5 to SCRAM-SHA-256 hardens the hashing method currently used by MD5, making it more difficult for a brute force attack to decipher passwords.
Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.
Operating System and Release Information
SAS System | SAS Viya | Linux for x64 | 3.5 | 3.5 | Viya | Viya |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Installation Note |
Priority: | medium |
Date Modified: | 2022-06-15 10:07:16 |
Date Created: | 2022-06-06 08:39:39 |