I'm working on a project with the kosmtik tool together with osm2pgsql to be able to generate data for OPENS STREET MAP directly from my postgres database, and I'm having this connection problem when I make requests to the database, they are being accessed by the file localconfig.js and together with project.mml
Has anyone had a similar problem or worked with this tool to be able to use it in OSM ??
From PostgreSQL authentication method 10 not supported, you can understand that your client cannot authenticate using scram-sha-256, and from POSTGRES_HOST_AUTH_METHOD in https://hub.docker.com/_/postgres, you get that scram-sha-256 is the default auth method when using postgres 14 and later.
So, you can either update the postgresql client you use, or downgrade postgres to v13. You could also choose to disable passwords or use md5 auth method on postgres.
It does looks like kosmtik uses mapnik, which has Unable to connect to Postgresql 14 with scram-sha-256 password hashing · Issue #4283 · mapnik/mapnik.
Related
I have a RDS PSQL14 database on eu-central-1 and would like to connect this to Quicksight as a new data source.
However, I always get the following error:
sourceErrorCode: GENERIC_SQL_EXCEPTION
sourceErrorMessage: The authentication type 10 is not supported. Check that you have configured the pg_hba.conf file to include the client's IP address or subnet, and that it is using an authentication scheme supported by the driver.
I have no clue how could I edit the pg_hba.conf file. Though I know that the VPC in which the RDS is in would allow the connection.
Most likely this is something with sha256 vs md5 authentication or so I've read in a couple of posts, but I don't know for sure. Please someone educate me :)
This was a huge time waster.
tldr: psql 13 and up uses scram-sha-256 but older version only support md5.
The reason behind this is that AWS Quicksight is using PostgreSQL JDBC driver 42.2.1
If you try to connect this with any of the newer psql versions it will fail due to a change made to the password authentication method used in the more recent versions of PostgreSQL (scram-sha-256). However, the 42.2.x driver only supports connecting via md5 passwords.
How to solve?
1. Downgrade:
If you downgrade to version 12.9 or below the problem should sort itself out.
2. Change Auth to md5:
!! it will affect all users and connections !!
Create a new Parameter group.
Once a new Parameter group is created > Search for password_encryption > Edit parameters
Select md5 (change the "rds.accepted_password_auth_method" parameter to allow md5 + scram which would allow you to create a user with md5 for QuickSight to connect with).
Save changes
Then you can modify your database to use the DB parameter group created in step 1.
Create a new user to be used in the QuickSight authentication with the RDS instance with the necessary permissions.
3. New Quicksight user with session-level md5:
Verify current password_encryption value:
show password_encryption;
Set the session variable of the parameter to 'md5:
set password_encryption = 'md5';
Create a user and assign it the necessary credentials
create user (username) with password '(password)';
grant connect on database (database) to (username);
Use the user to connect from QuickSight and it should be able to connect successfully using the "md5" encryption and not "scram-sha-256".
i am using pg lib in strapi application, where initially it creates postgres connection using correct postgresql username(postgres), database name(strapi_db) and password(postgres) but after login it changed it to connect using my windows 10 username(rayappan.a, and database as rayappan.a). it seems strange to me because i never configured anywhere to use my windows credentials for POSTGRESQL connection. please any one tell me how to fix username connection issue
Regards,
Rayappan Antoniraj
Take a look into https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING . It states that username:
Defaults to be the same as the operating system name of the user running the application."
The database name:
Defaults to be the same as the user name.
So it seems a new connection with parameters not set is made.
I have been using Postgres 12 with MD5 as authentication method and have not faced any issues when trying to connect to a database with password. Nor have I faced issues with user authentication when supplying user password.
However, since I have installed Postgres 13 , I have been blocked by this error client password must be a string. This is a fresh installation of Postgres. Please note that there are solutions which talk about how to migrate from MD5 authentication to scram-sha-256 by making changes to postgresql.conf and pg_hba.conf files. But none of them speak about this issue for a fresh installation of Postgres 13.
What should I be looking for to get rid of this error?
Question
What extra do I get if I fix this and get access to the admin database? (MyDataBaseName normal database works perfectly well)
Do I even need to fix this to use this postgres database for a Django 3.0 project?
Done -> ERROR
I have created a free tear AWS RDS Postgres 11 database.
I allowed external connections at creation and have successfully configured the inbound rules.
Than I have connected to pgAdmin (right click on server groups/create/server)
Than I got 3 database:
MyDataBaseName how I have named my database
postgesql that is auto generated
rdsadmin this is also auto generated,
I have problem with this one that it doesn't opens,
it has a rex x at the database icon
if i click on it it gives the following ERROR message
INTERNAL SERVER ERROR
FATAL: SomeConfigFileName.conf rejects connection for host "host.ip.adders.actully.with.numbers", user "myPersonalUsername", database "rdsadmin", SSL on
FATAL: SomeConfigFileName.conf rejects connection for host "host.ip.adders.actully.with.numbers", user "myPersonalUsername", database "rdsadmin", SSL off
"rdsadmin" is used for internal purposes by AWS. There should be no need to "fix" this.
The only things you are missing is things you aren't allowed to do anyway, and indeed not needing to deal with them yourself is what you are paying Amazon for.
Django shouldn't care. If it demands access to this database, that would be a bug in Django (or a configuration error)
I am trying to setup PostgreSQL and allow only certain Windows users to access the data from the database. Setting up Windows Authentication is Quite easy with MS SQL, but I can't figure out how to set it up in PostgreSQL.
I have gone through the documentation at http://www.postgresql.org/docs/current/static/auth-methods.html
and edited the pg_hba file. But after doing so, the PostgreSQL service fails to start.
Is the Postgresql server running on Windows as well as the clients then you might test with this to see if this works:
host all all 0.0.0.0/0 sspi
Magnus Hagander, a Postgresql developer, elaborates on this:
"All users connecting from the local machine, your domain, or a trusted domain will be automatically authenticated using the SSPI configured authentication (you can enable/disable things like NTLMv2 or LM using Group Policy - it's a Windows configuration, not a PostgreSQL one). You still need to create the login role in PostgreSQL, but that's it. Note that the domain is not verified at all, only the username. So the user Administrator in your primary and a trusted domain will be considered the same user if they try to connect to PostgreSQL. Note that this method is not compatible with Unix clients."
If you mix Unix-Windows then you have to resort to kerberos using GSSAPI which means you have to do some configuration. This article on deploying Pg in Windows environments may perhaps lead you in the right path.
If anyone else encouters this like I did so starting from 9.5 you wil need to add an optional parameter both to the ipv4 and ipv6 in order for this to work
include_realm=0
so the whole thing will look like
host all your_username 127.0.0.1/32 sspi include_realm=0