Security

Hello,

So far I'm using Clearpass 6.11.x, and a postgre DB in version 12.

I saw that the driver in 6.11 was Postgre 12.11.

Our DB manager is upgrading the DB engine to Postgre 16, anyone have a clue if it will be working with the 12.11 ODBC driver, or not ?

I heard that the MD% is not supported anymore, and I have no clue what is the status on the 12.11 driver, and when a driver in version 16 will come out.

Any help Welcome.

Hello,

Based on the current information, PostgreSQL 16 still supports MD5 authentication; however, MD5-encrypted password support is deprecated and should not be considered a long-term option. The recommended direction from PostgreSQL is to move toward SCRAM-SHA-256.

From a ClearPass perspective, Generic SQL DB sources support PostgreSQL through the built-in ODBC driver selection. However, I could not find a clear HPE statement confirming that PostgreSQL 16 is officially certified with ClearPass 6.11.x and the bundled PostgreSQL ODBC 12.11 driver.

Technically, the connection may work, but the main risk is the authentication method. If the PostgreSQL server is changed to enforce SCRAM-SHA-256, the ClearPass bundled ODBC/libpq compatibility must be validated before production migration.

My recommendation would be to test the ClearPass Generic SQL authentication source against a PostgreSQL 16 test instance using the same queries and authentication method before the DB engine upgrade. In parallel, it would be best to confirm with HPE TAC whether PostgreSQL 16 is officially supported with ClearPass 6.11.x.

https://www.postgresql.org/docs/16/auth-password.html

https://arubanetworking.hpe.com/techdocs/ClearPass/6.12/PolicyManager/Content/CPPM_UserGuide/Auth/AuthSource_GenericSQL.htm