I have created role under postgresql using PgAdmin.
CREATE ROLE user_name LOGIN PASSWORD 'xyz';
I'm able to login to server using pgAdmin using above credentials.
But when I try to connect from MSSQL Server (Babelfish) getting an following error:
But when I query using postgres user login I get the role details in babelfish.
SELECT * FROM pg_user;
The (sparse) documentation says:
You can use CREATE LOGIN to create a new Babelfish login with access to all databases. Babelfish logins are implemented as PostgreSQL login roles of the same name.
That could be more explicit, but you have to create the login in a TDS connection, not while you are connected with the PostgreSQL protocol.
Related
I'm trying to get authentication working using kerberos in Windows instead of username and password when connecting to PostgreSQL. Very new to this area and would appreciate any thoughts. In essence what I want to achieve is not having the password in the app configuration. Maybe there are other options apart from using kerberos?
Will the following work?
configure Postgres for SSPI authentication
create a user in Postgres with the same user name as the SPN of the user in the AD
pre-create kerberos authentication tickets (somehow magically) for the created user
connect to postgres using psql with the above user without providing the password
If this is at all possible I'm interested in how to achieve that magical part above ^^^
Thanks.
I have a user with role rds_iam so IAM DB Auth is required for the user to connect to my Aurora PostgreSQL server (server A). Which works as expected. I have added a role to Server B that has permissions to rds-db:connect to server A. Now I need to update FDW to connect to server A using the IAM-enabled user.
I don't understand what is suppose to be used for password for the following command:
CREATE USER MAPPING IF NOT EXISTS FOR <current user> SERVER <server name>
OPTIONS (USER <username>, PASSWORD <password>);"
Currently, I am getting the following error:
[08001] ERROR: could not connect to server "XXXXXX" Detail: FATAL: PAM authentication failed for user "user-xxxxx"
I suspect because passsword was actually a token that I generated when setting up the user. But tokens expire afte 15 minutes. So how do setup an IAM-user with FDW?
Unless Amazon hacks postgres_fdw to add this capability, I think you would need to write some code that does ALTER USER MAPPING every 15 minutes, or give up on using IAM for this.
I deployed a aurora cluster for postgresql engine and enabled IAM authentication (Password and IAM database authentication). I created a user with below commands:
CREATE USER test WITH PASSWORD '123456';
GRANT rds_iam TO test;
I am able to login the database with aws rds generate-db-auth-token auto generated token but I can't login with the native password.
The command I am using to login is:
psql "host=dev-ams-engine-aurora-auroracluster.cluster-xxxxx.ap-southeast-2.rds.amazonaws.com dbname=Test user=test"
The error I got when login with native password is:
psql: error: could not connect to server: FATAL: PAM authentication failed for user "test"
Based on AWS doc:
Password and IAM database authentication
Manage your database user credentials through your DB engine's native password authentication
features and IAM users and roles. IAM helps an administrator securely control access to AWS
resources. IAM administrators control who can be authenticated and authorized for RDS resources.
It seems that it should support both IAM user/role and native password. Why can't I use native password to login?
postgres user cannot connect to a database created by postgres user.
postgres=> CREATE DATABASE mydb ENCODING 'UTF8' ;
CREATE DATABASE
postgres=> \connect "mydb";
FATAL: Peer authentication failed for user "postgres"
Previous connection kept
Is this related to google cloud version of postgresql ?
When you create a new Cloud SQL for PostgreSQL instance, you must set a password for the default user account ‘postgres’ [1]. “Peer authentication is only available for local connections” [2]. The authentication method field ‘auth-method’ in pg_hba.conf file should be using ‘md5’ instead of ‘peer’ [2] as a password is set for the default user account. A similar error is answered here [3].
https://cloud.google.com/sql/docs/postgres/create-manage-users#user-root
https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html
Getting error: Peer authentication failed for user "postgres", when trying to get pgsql working with rails
I want to install an application (Odoo) that uses PostgreSQL, but it needs you create a superuser Role to allow the aplication process instalation create its own database. I just created an Azure PostgreSQL database (PaaS), but the user it creats is not a Superuser, and can't create a superuser role. Is there a way to get my admin user a Superuser?
To explain the users and roles a little better for Azure Database for PostgreSQL:
By default, when a server is created we have the following 3 roles defined, which you can also see when you run SELECT rolname FROM pg_roles; –
azure_pg_admin
azure_superuser
server admin login – the admin login the user created the server with – which by default is a member of azure_pg_admin.
Ours is a managed PaaS service and Microsoft is the azure_superuser. We don’t grant superuser privileges to the user.
With that as baseline, there is at least one role (user) at any given time that is part of azure_pg_admin group i.e. server admin login. This user can create databases, create custom roles and customize privileges, and create additional users that are member of azure_pg_admin. A user is either a part of this group or not. Any user outside this group will not have those privileges.
Hope that helps answer your question.
Saloni
When we postgres as service then we cannot be superuser but can enable extensions allowed
Azure console => Azure Database for PostgreSQL flexible server => => Server parameters => azure.extensions => => Save