Analysis and Solutions for PostgreSQL Authentication Type 10 Not Supported Error

Nov 25, 2025 · Programming · 7 views · 7.8

Keywords: PostgreSQL | Authentication Error | JDBC Driver | SCRAM-SHA-256 | pg_hba.conf

Abstract: This paper provides an in-depth analysis of the "authentication type 10 not supported" error in PostgreSQL connections, identifying the root cause as incompatibility between SCRAM-SHA-256 authentication and older JDBC drivers. Through detailed examination of pg_hba.conf and postgresql.conf configurations, it presents multiple solutions ranging from modifying password encryption methods to upgrading JDBC drivers, supported by practical code examples. The article also discusses best practices and security considerations across different environments to help developers comprehensively resolve such connection issues.

Problem Background and Error Analysis

During PostgreSQL database connections, developers frequently encounter the error message "org.postgresql.util.PSQLException: The authentication type 10 is not supported." The core issue lies in authentication mechanism mismatch, particularly when PostgreSQL 13.0 and later versions default to SCRAM-SHA-256 authentication, while client-side JDBC driver versions are too old to support this method.

From the error stack trace, the problem occurs during the authentication phase in the connection factory: org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:614). Authentication type 10 corresponds to SCRAM-SHA-256 authentication, a new security mechanism introduced by PostgreSQL.

Root Cause Investigation

Starting with PostgreSQL 13.0, the default password_encryption parameter is set to scram-sha-256, causing newly created user passwords to use SCRAM-SHA-256 encryption by default. Simultaneously, the authentication method in the pg_hba.conf file is set to scram-sha-256.

The key issue is version compatibility: PostgreSQL JDBC driver versions 42.1.4 and earlier do not support SCRAM-SHA-256 authentication. Only when the driver is upgraded to version 42.2.0 or later can it fully support this new authentication mechanism.

Solution 1: Modify Password Encryption Method

The most direct solution is to modify PostgreSQL's password encryption configuration by reverting to MD5 encryption, which offers the best compatibility.

First, modify the postgresql.conf file:

# Windows: C:\Program Files\PostgreSQL\13\data\postgresql.conf
# GNU/Linux: /etc/postgresql/13/main/postgresql.conf
password_encryption = md5

Next, change the authentication method in the pg_hba.conf file:

# Change scram-sha-256 to md5
host    all             all             0.0.0.0/0               md5

After modifying the configuration, reset the user password to ensure it uses MD5 encryption:

ALTER ROLE postgres WITH PASSWORD 'root';

To ensure connectivity, it's recommended to set in development environments:

listen_addresses = '*'

Solution 2: Upgrade JDBC Driver Version

Another more modern solution is to upgrade the PostgreSQL JDBC driver to a version that supports SCRAM-SHA-256. This approach maintains higher security standards.

Update the dependency in Gradle projects:

implementation('org.postgresql:postgresql:42.2.0')

Or in Maven projects:

<dependency>
    <groupId>org.postgresql</groupId>
    <artifactId>postgresql</artifactId>
    <version>42.2.0</version>
</dependency>

Code Configuration Optimization

In Spring Boot applications, data source configuration must be accurate. Here's an optimized configuration example:

@Configuration
public class DataSourceConfig {
    
    @Bean
    public DataSource getDataSource() {
        DriverManagerDataSource dataSource = new DriverManagerDataSource();
        dataSource.setDriverClassName("org.postgresql.Driver");
        dataSource.setUrl("jdbc:postgresql://localhost:5432/postgres");
        dataSource.setUsername("postgres");
        dataSource.setPassword("root");
        return dataSource;
    }
}

For JDBCTemplate usage, dependency injection is recommended to avoid repeatedly setting the data source in each operation:

@Component
public class CustomerOrderJDBCTemplate implements CustomerOrderDao {
    
    private final JdbcTemplate jdbcTemplate;
    
    @Autowired
    public CustomerOrderJDBCTemplate(DataSource dataSource) {
        this.jdbcTemplate = new JdbcTemplate(dataSource);
    }
    
    @Override
    public Customer create(Customer customer) {
        String sql = "insert into CustomerOrder (customerType, customerPayment) values (?, ?)";
        
        KeyHolder holder = new GeneratedKeyHolder();
        jdbcTemplate.update(new PreparedStatementCreator() {
            @Override
            public PreparedStatement createPreparedStatement(Connection connection) throws SQLException {
                PreparedStatement ps = connection.prepareStatement(sql, Statement.RETURN_GENERATED_KEYS);
                ps.setString(1, customer.getType());
                ps.setString(2, customer.getPayment());
                return ps;
            }
        }, holder);

        long customerId = holder.getKey().longValue();
        customer.setCustomerID(customerId);
        return customer;
    }
}

Security Considerations and Best Practices

While changing the authentication method to MD5 can resolve compatibility issues, note that MD5 is less secure compared to SCRAM-SHA-256. In production environments, prioritize upgrading the JDBC driver version to maintain SCRAM-SHA-256 authentication.

If MD5 authentication must be used, ensure: secure network environment, regular password changes, and strong password policies. Additionally, configure precise IP ranges in pg_hba.conf and avoid overly permissive settings like 0.0.0.0/0.

Environment-Specific Issue Handling

In cloud environments like AWS RDS, modifying password encryption methods requires special attention. As mentioned in the reference article, changing the password_encryption parameter in RDS replica instances may not take effect; the main instance parameter must be modified and restarted.

For containerized deployments, ensure configuration file modifications are persistent and remain effective after container restarts. In Kubernetes environments, manage PostgreSQL configuration files via ConfigMap.

Troubleshooting Steps

When encountering authentication type not supported errors, follow these troubleshooting steps:

  1. Check PostgreSQL version and JDBC driver version compatibility
  2. Verify authentication method settings in the pg_hba.conf file
  3. Confirm the password_encryption parameter in postgresql.conf
  4. Check if user password encryption matches the configuration
  5. Validate network connectivity and firewall settings
  6. Review PostgreSQL logs for detailed error information

Through systematic analysis and appropriate configuration adjustments, PostgreSQL authentication type not supported issues can be effectively resolved, ensuring stable connections between applications and databases.

Copyright Notice: All rights in this article are reserved by the operators of DevGex. Reasonable sharing and citation are welcome; any reproduction, excerpting, or re-publication without prior permission is prohibited.