In my LemonLDAP server, I try to configure an host for redirect user connection to the localhost app of the connected user (where App is running in local).
Localhost seems to be redirect to "server localhost" and not the localhost of the computer used by user.
It is possible to apply this configuration ?
I've been trying to configure postgresql with PAM on a Red hat server so that I can get remote access to the server via pgAdmin and use local (server) authentication with PAM.
I have edited the pg_hba.conf file and changed the appropriate line:
host postgres all 0.0.0.0/0 md5
and added this one:
host pam_testing all 0.0.0.0/0 pam pamservice=postgresql95
Moreover I created database user with the same username as I use to log in with putty (no password, simply create user xxx)
When I try to log in remotely with pgAdmin to postgres database (using md5) with my database user everything works smoothly.
But When I try to connect (also remotely, with pgAdmin) to pam_testing database with my server username (to which I log in via ssh using putty) and give the password I get the following error:
Error connecting to the server: FATAL: PAM authentication failed for
user XXX
BUT! When I log in locally to pam_testing while connected via putty it works! My system user gets logged in and authenticated without any problems. And it only happens for users, which I added to the database using create user.
I'm guessing it must be some kind of authentication issue (with the server maybe? It belongs to company and I don't know what other authentication methods it uses) but I'm not sure. Any ideas?
System: Red hat 6.8,
Postgresql: 9.5
Thanks in advance!
Do systemctl | grep unix_chkpwd and if you see lines like these
unix_chkpwd[13081]: check pass; user unknown
unix_chkpwd[13081]: password check failed for user (<username>)
then you've encountered the same problem I did.
To solve it you need to give postgres user read permissions to /etc/shadow file. You can do this via acl: setfacl -m g:postgres:r /etc/shadow, or by creating some group, giving it this permission and then adding postgres to it. Then do systemctl restart postgresql.service.
The underlying mechanics of authenticating with pam is described in this post. The key moment is the following: unix_chkpwd runs under the uid of the process which wants to authenticate someone, so if it's not root (and /etc/shadow is used which I believe is the common case), it can't do its job.
Just created a login role and subsequently, a database owned by a login role (both with the same name ". I specified a password. Typed psql fplanner and immediately was brought to a console without it having asked from a password. I'm logged into my computer's admin account, so maybe thats it.
Just wondering why it didn't ask me for a password, and when it would (or should), and also possibly how I might force it to prompt for a password every time before being accessed
just created a rails app, and it is also not requiring login information to access the database. Could again be based off the fact that I'm root already I'm not sure
System: OSX El Capitan, PostgreSQL 9.4.4, PgAdmin 1.20.0
Extremely basic question here, but it doesn't appear to have been asked, so I decided to give it a go.
It probably didn't ask because it is set to "trust" (hopefully only for local connections).
While you are in psql and connected to the database run SHOW hba_file; to find out where your pg_hba.conf file is located. Open this file in your favorite text editor. It contains a quite a lot of comments thoroughtly explaning what you can do (lines starting with a # are comments).
In most default installs there are only two actual configuration lines:
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
Yours I expect to end in trust change them to md5 for normal password based access.
how can I log user's password in proftpd? I forgot his password so for now I set up anonymous login for his account to accept any password.
I want to find out his password and set it up with this correct password - but firstly I need to log it.
Many thanks.
It seems ProFTPD is explicitly designed to not log the password:
Frequently Asked Questions
Question: How can I configure proftpd to log/show the password typed by the user?
Answer: You cannot. Period. The proftpd code goes out of its way to ensure that the password is never logged.
http://www.proftpd.org/docs/howto/Authentication.html
If you need to find out the password of an active FTP account you can also use tcpdump
sudo tcpdump src x.x.x.x and dst y.y.y.y and port ftp -A
I've installed postgresql 9.2 on linux (kubuntu) and the last version of pgadmin3, but when I connect them I have this error:
An error has occurred:
Error connecting to the server: fe_sendauth: no password supplied
What can I do?
I have also configured tomcat for my web application in java. In fact, postgresql was working before trying my application.
Change the password for role postgres:
sudo -u postgres psql postgres
alter user postgres with password 'postgres';
Try connect using "postgres" for both username and password.
Refer to: How to change PostgreSQL user password
Whether a password is required depends on your settings in pg_hba.conf. And there are different ways you can connect - different settings in pg_hba.conf may apply.
I quote the help shipped with pgAdmin 3 for the "Host" field in the connection ("server") settings:
The host is the IP address of the machine to contact, or the fully
qualified domain name. On Unix based systems, the address field may be
left blank to use the default PostgreSQL Unix Domain Socket on the
local machine, or be set to an alternate path containing a PostgreSQL
socket. If a path is entered, it must begin with a “/”. The port
number may also be specified.
If you connect via Unix socket the rules for "local" apply.
Whereas when connecting via TCP/IP "host" (or "hostssl") rules applies.
If you have a line like this at the top your pg_hba.conf file:
local all all peer
or:
local all all ident
.. then you can connect locally without password if your system user is "postgres" and your database user is "postgres", too.
I realize this is question is years old, but I ran into this same problem today and have a solution that uses trust in a limited but useful way.
As in many development shops, when the devs need a QA postgres password, they just yell it, message it, email it, write it on their foreheads, etc. And I'm like, "This is really bad. I need to figure out a way to use PKI here." We also use pgAdmin3.
First, add a line like this to your pg_hba.conf, where dev represents the user for the developers in your shop:
host all dev 127.0.0.1/32 trust
Drop the developers' public key in their authorized_keys folder on the database server. Now have them ssh into the server with the -L flag with a command similar to the following:
ssh -i ~/.ssh/id_rsa -L5432:127.0.0.1:5432 -vvv 101.102.103.104
This allows one to use the postgres port as if it were localhost. Of course, replace the key, server and make sure to map to an open port locally (if you have a local postgres running, it's probably bound to 5432). I use a pretty verbose flag so I can easily troubleshoot any ssh issues.
Open another terminal and issue this command:
psql -h 127.0.0.1 -U dev -p 5432
You should have access to the database and never be prompted for a password, which I think is great because otherwise, the devs will just waive the password around with little regard to security, passing it out like Halloween candy.
As of now, PgAdmin3 will still prompt you for a password, even though -- plain as day -- you do not need it. But other postgres GUIs will not. Try Postico. It's in beta but works great.
I hope this answer helps anyone like me who would rather use PKI for postgres auth rather than sharing passwords willy-nilly.
Met this problem recently.
If you're using PostgreSQL on local machine, and psql works well without logging needed, try pgadmin3's menu File - Add Server - Properties tab, fill in Name field for this connection, leave Host field and Password field empty, and click ok.
from pgadmin docs
On Unix based systems, the address field may be left blank to use the
default PostgreSQL Unix Domain Socket on the local machine, or be set
to an alternate path containing a PostgreSQL socket. If a path is
entered, it must begin with a “/”.
Worked on Debian testing (pgadmin3 1.22, PostgreSQL 11), without touching pg_hba.conf.
For me, I run pg_ctl -D /usr/local/var/postgres start, start the server, then everything is OK, it will pop out the connection host port.