Connecting to a FIPS-enabled PostgreSQL System with Version 14 or Lower

When Oracle GoldenGate Extract is run from a Federal Information Processing Standards (FIPS) enabled system against a PostgreSQL database of a version lower than 14, it generates the following error:

ERROR OGG-25359 Could not connect to server with database 'postgres', host 'localhost', port '5432' and user name 'postgres'. Error Message: connection to server at "localhost" (::1), port 5432 failed: could not encrypt password: disabled for FIPSfe_sendauth: error sending password authentication.

md5 is the default password encryption algorithm on PostgreSQL database versions lower than 14, and it causes the Extract to abend with this error.

To run Extract on a FIPS-enabled system running PostgreSQL database version lower than 14, perform the following steps:

  1. Modify the postgresql.conf file to set the password_encryption option to scram-sha-256.

  2. Modify the pg_hba.conf file to set the Method option to scram-sha-256, because md5 is not supported on a FIPS-enabled system. This step is optional.

    If the database user that Oracle GoldenGate Extract uses was already created, its password must be regenerated or modified after the password_encryption option is set to scram-sha-256. You can regenerate the same password.

    For example, if the database user named admin uses the password password123, then the same password can be regenerated using the scram-sha-256 encryption.
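
The following is an added example, not part of the Oracle documentation. Changing password_encryption does not re-hash passwords that are already stored, so this script classifies pg_authid.rolpassword values to find roles that still carry an md5 hash, and builds the SCRAM-SHA-256 verifier that regenerating the same password produces. The sample rows, the role names ggadmin and nologin_role, and the fixed salt are constructed for illustration; passwords are assumed to be ASCII.

```python
import base64, hashlib, hmac, os, re

# Stored SCRAM verifier layout: SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>
SCRAM_RE = re.compile(r"^SCRAM-SHA-256\$(\d+):([A-Za-z0-9+/=]+)\$([A-Za-z0-9+/=]+):([A-Za-z0-9+/=]+)$")
MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")

def scram_verifier(password, salt=None, iterations=4096):
    """Build the verifier stored when password_encryption is scram-sha-256.
    Assumption: ASCII password, so SASLprep normalization is skipped."""
    salt = salt if salt is not None else os.urandom(16)
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"

def classify(rolpassword):
    """Return 'scram-sha-256', 'md5', 'none' or 'unknown' for a rolpassword value."""
    if not rolpassword:
        return "none"
    if SCRAM_RE.match(rolpassword):
        return "scram-sha-256"
    return "md5" if MD5_RE.match(rolpassword) else "unknown"

def password_matches(password, rolpassword):
    """Check that a stored SCRAM verifier corresponds to the given password."""
    m = SCRAM_RE.match(rolpassword or "")
    if not m:
        return False
    rebuilt = scram_verifier(password, base64.b64decode(m.group(2)), int(m.group(1)))
    return hmac.compare_digest(rebuilt, rolpassword)

def roles_needing_reset(rows):
    """Roles whose stored hash is still md5 and must be regenerated."""
    return [name for name, stored in rows if classify(stored) == "md5"]

# Constructed sample rows, as if selected from pg_authid (rolname, rolpassword).
SAMPLE_ROWS = [
    ("admin", "md5" + "0" * 32),                                      # set before the change
    ("ggadmin", scram_verifier("password123", b"constructed-salt")),  # regenerated after it
    ("nologin_role", None),                                           # no password set
]

if __name__ == "__main__":
    for name, stored in SAMPLE_ROWS:
        print(f"{name:14} {classify(stored)}")
    print("reset required:", roles_needing_reset(SAMPLE_ROWS))
```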