I'm trying to render a mapnik file but encountering the following error:
Traceback (most recent call last):
File "C:/Users/siphi/PycharmProjects/test2/kmgmap.py", line 29, in <module>
roads_ds = mapnik.PostGIS(host='localhost', user='postgres', password='', dbname='kmg3', table='planet_osm_line')
File "C:\mapnik-v2.2.0\python\2.7\site-packages\mapnik\__init__.py", line 430, in PostGIS
return CreateDatasource(keywords)
RuntimeError: Postgis Plugin: authentication method 10 not supported
Connection string: 'host=localhost dbname=kmg3 user=postgres connect_timeout=4'
I've tried downgrading to md5 from scram-sha-256 authentification, but I still get the same error message.
I tried the following steps from a previous post:
change password_encryption to md5 in file postgresql.conf
change the first 3 occurrences of scram-sha-256 to trust in file pg_hba.conf
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
restart the postgresql service
execute psql -U postgres (you won't be asked for a password)
change the password with the command \password username
change the first 3 occurrences of trust to md5 in file pg_hba.conf
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
restart the postgresql service
But I'm still getting the same error. I'm not interested in upgrading the PostgreSQL client software at this stage. I'd just like to downgrade the password encryption.
Related
We use PostgreSQL for our database of Speedy Net. I had a production server with PostgreSQL 13, and I backed up my database with the following command:
pg_dump -U postgres -h localhost "speedy_net" | gzip > <file_name>.sql.gz
It worked with PostgreSQL 13, but recently I upgraded my server to Ubuntu 22.04.1 LTS and PostgreSQL 14. I loaded the database from SQL and everything works properly, but now I can't backup the database - I get the following error message:
pg_dump: error: connection to server at "localhost" (::1), port 5432 failed: fe_sendauth: no password supplied
Now, something has changed in the configuration file from PostgreSQL 13 to 14. In PostgreSQL 13, the file /etc/postgresql/13/main/pg_hba.conf was:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
And in PostgreSQL 14 the file /etc/postgresql/14/main/pg_hba.conf is:
# Database administrative login by Unix domain socket
local all postgres peer
local all speedy_net trust
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 scram-sha-256
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 scram-sha-256
host replication all ::1/128 scram-sha-256
Notice, the line local all speedy_net trust is new. Is this line causing problems? I had to add it because otherwise I couldn't load the database from SQL.
Do you know how I fix it so that backups will work? If I run the command pg_dump -U postgres -h localhost "speedy_net" manually I get prompted for password, but there is no password and it worked with PostgreSQL 13.
Maybe I need to change the password? How do I do it?
The line that is causing the problems in the new file is
host all all ::1/128 scram-sha-256
That requires you to supply a password. You have two choices:
Use a different authentication method. trust would allow you to login without a password (since you are using it with “localhost” in IPv4, why not with IPv6?). If you don't want that, certificate authentication would be an option.
Create a password file on the new machine. Since you forced password authentication on the old machine, that's probably what you used there.
Can anyone explain why I can't create new connection postgres in navicat? It is possible that the error comes from version of navicat and Postgres? the error says:
authentication method 10 not supported
I tried reinstalling my Postgres but it didn't work.
change the pg_hba.conf about flowing content:
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
I know this question has been asked several times before, but all answers I could find tell you to add a line like the following to the pg_hba.conf file:
host all all 127.0.0.1/32 md5
So my pg_hba.conf file now looks like this:
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 ident
#host replication postgres ::1/128 ident
# I've added the following lines:
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
host all all 192.168.0.0/24 md5
I have set up several postgresql servers in the past on ubuntu and never had a problem. However, on fedora, I still get the following error message:
FATAL: Ident authentication failed for user "postgres"
The server is running on Fedora 27 Workstation and the postgresql version is 9.6.8-1.fc27.
You have two authentication rules for localhost in your pg_hba.conf, namely ..
host all all 127.0.0.1/32 ident
and
host all all 127.0.0.1/32 trust
I believe the system is trying to validate the two authentication options, making the trust option being overwritten by ident. Since you're most likely trying to use trust to authenticate from localhost (based on your file), just comment/delete the following line:
host all all 127.0.0.1/32 ident
And afterwards either restart your database or reload the conf file using the following query:
SELECT pg_reload_conf();
I have postgres running on a raspberry pi, and I was getting the old
psycopg2.OperationalError: FATAL: Peer authentication failed for user "george"
The user george is a user I made that can create and access databases, but can't create users. What do I have to change in my pg_hba.conf file so that george can connect to a dabatabse using a password. This is what my file looks like:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
This is what my connection line looks like in my python test program:
conn = psycopg2.connect(database="homebot", user="george", password="xxxxxx", port=5432)
This is what I do on the commandline to get into psql
psql george -h 127.0.0.1 -d homebase
Which works, so....what do I have to change / do to get that connection line to not throw an error and connect?
Add a new line to the configuration file setting the authentication method for george to md5.
local all george md5
I am trying to run some postgresql commands through a fabric script. When I execute the script I get:
out: psql: FATAL: Peer authentication failed for user "sparc2"
This is how my pg_hba.conf file looks like:
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
# added
local sparc2 sparc2 md5
host sparc2 sparc2 127.0.0.1/32 md5
host sparc2 sparc2 10.0.2.2/32 md5
host all all all password
I have also modified the postgresql.conf file with adding this line:
listen_addresses = '*'
After applying the changes I restarted postgresql. But the error is still the same.
PostgreSQL has 2 connection entry points:
TCP/IP (host in pg_hba.conf)
Unix sockets (local in pg_hba.conf)
Your server is configured to use peer auth which works only for Unix sockets, and means - ask the kernel if the OS username matches DB username.
You have following options:
change pg_hba.conf to use md5 auth for local socket connections, or
change connection settings in your script to use IP connection (127.0.0.1 should work) instead of socket connection. [ This may not require editing the files - sometimes setting PGHOST variable is enough ], or
make your script to run from OS user sparc2, not postgres.
Risks / drawbacks
if you change peer to md5, some automation scripts that run from "postgres" OS user, and rely on "peer" auth, will stop working. They will start asking for password
if you change peer to md5, and forget database superuser password, you may have to re-enable peer auth to reset it.
In general, the "peer" auth is OK. Ease and security of kernel-based local auth is the reason why many distributions choose it for local admin connections. It is useful especially on multi-user shell servers. You can disable it for selected accounts only:
#CHANNEL DB USER METHOD
local all sparc2 md5
local all all peer
More details: here and here.