I try to run the test-connection function or a Glue Crawler in AWS Glue to test my connection with Amazon Relational Database Service PostgreSQL (Amazon RDS for PostgreSQL), version 14 and later. However, I get the "The Authentication type 10 is not supported" error.
Short description
This error can occur for the following reasons:
- You used the AWS Glue crawler with a Glue connection to crawl your database.
- You used the AWS Glue's test-connection functionality to test your connection.
The PostgreSQL JDBC driver must be 42.2 or later when you use SCRAM authentication hashing on the server. While versions of PostgreSQL 13.x and earlier use md5 encryption as their default, PostgreSQL versions 14.x and later use scram-sha-256 encryption as their default. The JDBC driver that's used for AWS Glue's native test-connection and crawler doesn't match the version requirement for the scram-sha-256 encryption.
As a result, you receive the following error:
"Authentication type 10 is not supported."
Resolution
This issue can occur when the encryption method for the database is set to scram-sha-256.
Verify the encryption type
To verify the encryption type for your database, run the following command in the source database:
show password_encryption
Identify your use case, and then follow the steps in the related section that appears below to resolve the error:
Option 1: Create a connection without changing the encryption type
If you don't want to change your database's encryption type, then use your own custom JDBC driver for your crawler to make the connection.
Note: The test-connection feature isn't supported in custom drivers. The custom JDBC driver skips the test connection as it crawls through the data source.
To use the connection in an AWS Glue job without crawling the database, don't use a custom JDBC driver because AWS Glue 3.0 and 4.0 use JDBC driver version 42.2 and later. Instead, run the AWS Glue job using the correct job configuration so that it connects to your database.
Option 2: Change the encryption type to create a connection
You might not want to use a custom JDBC driver or the test-connection functionality in AWS Glue. In this case, update the Amazon RDS for PostgreSQL instance to use the md5 hash instead of the scram-sha-256 hash. To update the hash, follow the steps that appear below.
Create a new DB cluster Parameter Group with md5 encryption
To update the RDS for PostgreSQL instance to have the md5 hash, complete the following steps:
- Go to the Amazon RDS console.
- In the left navigation panel, choose Parameter groups.
- Choose Create parameter group.
- Enter a name for Parameter group name.
- Add a description for the custom parameter group.
- For Engine Type, choose PostgreSQL.
- For Parameter group family, select the version of your PostgreSQL database. For example, postgres14.
- For Type, select DB Cluster Parameter Group.
- Then, choose Create.
- Choose the Custom Parameter group that you created.
- Choose Actions. Then, select Edit from the dropdown list.
- Edit the parameter password_encryption to the value md5. Then, choose Save Changes.
Add the group to the DB cluster
Complete the following steps:
- Open the Amazon RDS console.
- In the left navigation panel, choose Databases.
- Select your Postgre database.
- Then, select Modify.
- In the Additional Configuration dropdown list, for Database options, select the newly created md5 DB Cluster Parameter Group.
- Choose Continue, and then choose Apply Immediately.
- To apply the changes, choose Modify DB instance.
Change the password
After you change the cluster's encryption type, you must edit the password to store the new encryption.
Note: The password can be the same as before, but you must update it so that it's encrypted with md5.
To change the master password to use the md5 encryption, follow these steps:
- Open the Amazon RDS console.
- In the left navigation panel, choose Databases.
- Select your Postgre database
- Then, select Modify.
- Update the Master password and apply the change. This might take a few minutes to complete.
- Go to the Amazon RDS console.
- In the navigation pane, under Data Catalog, choose Connections. You can also choose Data connections above Data Catalog in the same pane.
- In Connections, select the check box next to the desired connection. Then, choose Actions. In the dropdown list, choose Test connection. If the connection is configured correctly, then the test connection succeeds.