Controls whether a WARNING about MD5 password deprecation is produced upon successful MD5 password authentication or when a CREATE ROLE or ALTER ROLE statement sets an MD5-encrypted password.
At a glance
| Property | Value |
|---|---|
| Parameter | md5_password_warnings |
| Category | Connections and Authentication |
| Default | on |
| Value type | boolean (on/off) |
| Change scope | Per-session (SET) |
| Available in | PostgreSQL 18, 19 (added in 18) |
What it does
Controls whether a WARNING about MD5 password deprecation is produced upon successful MD5 password authentication or when a CREATE ROLE or ALTER ROLE statement sets an MD5-encrypted password. The default value is on.
(Description quoted from the official PostgreSQL documentation.)
How to apply a change
Can be set per session with SET, per role/database with ALTER ROLE/DATABASE ... SET, or globally in postgresql.conf.
Inspect the current value and source with SHOW md5_password_warnings; or SELECT name, setting, unit, context, source FROM pg_settings WHERE name = 'md5_password_warnings';.
Tuning guidance
This is a connectivity or security setting, not a performance knob. Choose the value from your security and network requirements (TLS files, ciphers, keepalives, authentication behaviour) rather than for throughput, and verify it against your organization’s policy. Test changes in staging, because a wrong value here can lock clients out.