I am new to this SQL stuff and I recently installed Postgres 14.3 on my windows machine as part of an online learning requirement. I created a database and a user to connect to the database in the following lines from the shell:
postgres=# create database staff;
postgres=# create user Naruto with encrypted password 'secret';
postgres=# grant all privileges on database staff to Naruto;
postgres=# \c staff Naruto;
password for user Naruto:
After inputting the password I get an error message like this
connection to server at "local host" (127.0.0.1), port 5432 failed: FATAL: password authentication failed for user "Naruto"
Previous connection kept
Whereas the video description from which I am taking tutorials didn't ask for a password prompt but it connected to the database straight up with the designated user.
I have tried numerous suggestions on stack overflow but still, no breakthrough in any way. I'd appreciate any hint because I haven't recorded any progress with my learning recently. Thanks!
The user you created is named "naruto", not "Naruto", because identifiers are case-folded when not inside double quotes. In the \c, however, it is not case folded because at that point is not an identifier, it is more like a command line argument.
Depending on the contents of pg_hba.conf, PostgreSQL might not tell you when you try to login as a nonexistent user. Instead it goes through the motions of authentication, even though authentication is doomed to fail. This is so that an attacker cannot determine which users exist by trying a bunch and looking at the error messages. The real reason for failure is published to the db server's log file, so if you had looked there you should have seen role "Naruto" does not exist.
If you want the user to have a capital letter, put double quotes around the name when you do the CREATE. Alternatively given that you already created the user without the cap, connect to it using the lower-case spelling. And either way, look in the servers log file when you run into problems.
I hope this might help someone in the future. All I had to do was fix the caps for the user I initially created as 'Naruto' and it got executed smoothly.
postgres=# create database staff;
postgres=# create user naruto with encrypted password 'secret';
postgres=# grant all privileges on database staff to naruto;
postgres=# \c staff naruto;
Related
I have installed PostgreSQL for a long time but just currently learning it.
Here is what happened if I run psql in the command prompt
C:\Users\VandaRsq>psql
Password for user Vanda Rashq:
Since I forgot the password for the Vanda Rashq role but I remember for the postgres role, I run psql -U postgres.
I tried to list the role by using du command and the result is this:
I also tried using SELECT rolname FROM pg_roles command and yield:
I have tried to follow this tutorial and do ALTER USER "Vanda Rashq" WITH PASSWORD 'new_password'; but it returns ERROR: role "Vanda Rashq" does not exist
My question is, does the "Vanda Rashq" role actually still exist? If yes, how to reset (change) the password in case I forgot the password? If not, how to change the default role when running psql to postgres role
Notes: I have tried to uninstall the PostgreSQL and remove all of the directories but when I try to run psql, it still ask Password for user Vanda Rashq
If the user you're looking for is not listed after calling \du in psql then the user does not exist in the database.
Btw, you could also use a select to retrieve information about database users: select * from pg_catalog.pg_user;
EDIT:
Like #jjanes pointed out you get challenged for a password based on the USER configuration in yourpg_hba.conf (see docs).
For authentication method peer it is stated:
Obtain the client's operating system user name from the operating system and check if it matches the requested database user name.
I just installed PostgreSQL 13 on Windows 11. When I run the command psql by default it uses the user aaron, the name of my Windows user account. However, it asks me for a password. I have tried all passwords associated with my Windows account as well as the default password I set for the user postgres, none of which worked. I was able to log in with psql -U postgres, and I ran the command \du, and there was only one role in the list, postgres. Later I created the role aaron without specifying a password, but it still asks for a password.
So, did the user aaron exist initially or not? If not, then how was it the default user when I ran the psql command? What is the password for this user?
So, did the user aaron exist initially or not
No, it did not. The only user that is created when installing Postgres (or more precisely: when running initdb) is postgres.
If not, then how was it the default user when I ran the psql command
Quote from the manual
The default user name is your operating-system user name, as is the default database name
psql simply uses the operating system user as the default username to connect to the server. It knows nothing about the database user(s) until it tries to connect with a specific username and potentially password.
You can set a different default through the (Windows) environment variable PGUSER
Later I created the role aaron without specifying a password, but it still asks for a password.
Whether or not a password is required is controlled through pg_hba.conf
When you run psql command and don't provide a username it considers (that the current system user which in your case is aaron) is the user you want to use to login and hence you see a user which really don't exists.
Now regarding the password you might want to check a file generally named as pg_hba.conf which hold the essentials of who can connect (IPs) what username can he have and should that user be asked for password.
Now generally you will find answers saying that find this file and write down trust everywhere (which basically means if some specific user from a specific IP access this database of replication then don't ask for a password and let him enter), which you should not do until and unless you are utterly sure the postgresql server is just just local and has no real-time purpose.
So concluding you want to create a user with some encrypted password and then provide necessary privilege.
P.S: I have tried all these on a linux machine, but the server configurations are more or less same.
It's worth pointing out that PostgreSQL has it's own users and permissions independent of the OS. Some installers will automatically create a postgres OS user. I'm not sure what Windows does.
It seems that PostgreSQL can do Windows authentication. See this question for details on how to configure that.
As #a_horse_with_no_name has said, connection configuration is controlled by pg_hba.conf
PostgreSQL tries not to leak information about its users, so the failed-authentication attempt is not given much information about why it failed.
If you look in the server's log file, rather than the clients, you should first see messages about 'aaron' failing to authenticate because the user does not existing, and then (after you create it) about it failing to authenticate because it has no password assigned.
When you created the user, you should have assigned it a password if you wanted to use a password. Or as a superuser in psql, create it without a password and then assign one with \password aaron That way the password won't be visible on the screen, or in the log files.
To give a concise, direct answer:
right click on Windows icon and click “System”.
scroll down to “Advanced System Settings”.
click Environment Variables.
in “System variables”, click “New”.
Set Variable Name to PGUSER and Variable Value to postgres.
Or, in cmd: set PGUSER=postgres, which also sets it globally.
go to "Services" (in Task Manager), and restart the "postgresql-X64" service.
I'd like to learn how to use postgres, so I just installed it, set my password, and added the \bin and \lib directories to my system path. I then ran psql in the command line, typed the password that I just set when I was prompted, and now I receive this error:
psql: error: FATAL: password authentication failed for user "me"
I don't understand why that happened. Any ideas? I am using windows 10.
The windows installer asks you to specify the password for the super user named "postgres". But if you just type psql, you are trying to log in as the PostgreSQL which has the same name as your windows OS user. But that PostgreSQL user probably doesn't even exist, much less have the same password as you specified upon installation.
So the first time you log in, you have to tell it to log in as the initial superuser, with -U postgres. Once logged in, you can create a user named 'me' (create it with a password--possibly the same as the first password you assigned, although generally they would be different), and a database named 'me'. From them on, you could log in as this new user to this new database, just by typing psql and then giving the password when it asks.
In general, the initial user and the initial database are only used for maintenance operations. Other tasks should be done with the users and in the databases you set up after the first time you log in. This isn't "the law" of course, it is just "a good idea".
I have just installed Postgres 12 on a Mac. As you may soon appreciate I am totally new to it.
During the installation process I was asked to provide a "password". I do not remember specifically, but I think it was for the some sort of admin role.
Now I want to create my first database. Reading the documentation I insert the command
createdb myfistdb
the system asks for a password. I give the one I set during the installation processes but I got the following error
createdb: error: could not connect to database template1: FATAL: password authentication failed for user "myusername"
where myusername is the user I am logged in.
The same happens if I give the system password of myusername.
I understand that my question is pretty basic, but I have been struggling quite some time without any success, so any help will be appreciated.
The database uset name used by createdb defaults to the operating system user name, so you'll have to specify the administrative superuser explicitly:
createdb -U postgres myfistdb
I want to do some cross database references in my application. Briefly, i have two databases called meta and op. I want to do some select query from meta to a table in op database like below but getting the below error. I tried with password and without password. by the way caixa user is a non-super user and my target server (op db server is having MD5 authentication mode.)
meta=> select * from dblink('dbname=op password=caixa','SELECT op_col from op_table') AS t(op_col varchar);
ERROR: password is required
DETAIL: Non-superuser cannot connect if the server does not request a password.
HINT: Target server's authentication method must be changed.
What the HINT in the above error message suggests? do i need to change the server's auth mode? Without changing the server's auth mode (MD5) can't i run the above query?
From documentation:
Only superusers may use dblink_connect to create
non-password-authenticated connections. If non-superusers need this
capability, use dblink_connect_u instead.
and
dblink_connect_u() is identical to dblink_connect(), except that it
will allow non-superusers to connect using any authentication method.
That means your dblink call is using dblink_connect implicitly. Use dblink_connect_u instead or change your auth method to e.g. md5.
Note that you also need grant execute privilege to caixa role, for example by:
GRANT EXECUTE ON FUNCTION dblink_connect_u(text) TO caixa;
GRANT EXECUTE ON FUNCTION dblink_connect_u(text, text) TO caixa;
Working example (after GRANT):
meta=> SELECT dblink_connect_u('conn1', 'dbname=op');
meta=> SELECT * FROM dblink('conn1','SELECT op_col from op_table')
AS t(op_col varchar);
op_col
--------
aaa
bbb
ccc
(3 rows)
meta=> SELECT dblink_disconnect('conn1');
EDIT:
Sorry for slightly misleading answer. Of course you don't need dblink_connect_u for md5 authenticated
connection. There is one possibility I see. PostgreSQL has two different connection types: host and local.
Running:
psql -h localhost ..
incorporates host connection, but
dblink_connect('mycon','dbname=vchitta_op user=caixa password=caixa');
uses local type, so if you have non-password method for local connection (for example ident method or trust), then it returns
ERROR: password is required
DETAIL: Non-superuser cannot connect if the server does not request a password.
HINT: Target server's authentication method must be changed.
Check
dblink_connect('mycon','hostaddr=127.0.0.1 dbname=vchitta_op user=caixa password=caixa')
for host connection. For clarity if possible please post your pg_hba.conf.
I also checked what about CONNECT privilege on vchitta_op DB, but error message is different:
REVOKE CONNECT ON DATABASE vchitta_op FROM PUBLIC;
REVOKE CONNECT ON DATABASE vchitta_op FROM caixa;
SELECT dblink_connect('mycon','dbname=vchitta_op user=caixa password=caixa');
ERROR: could not establish connection
DETAIL: FATAL: permission denied for database "vchitta_op"
DETAIL: User does not have CONNECT privilege.
There's a workaround that did the trick for me. Non-superusers can execute functions with privileges of a superuser if "SECURITY DEFINER" option is set.
( http://www.postgresql.org/docs/9.1/static/sql-createfunction.html )
That means you can create a function (with superuser owner and SECURITY DEFINER option) that does cross-database manipulation (using dblink() without password) and execute it under non-superuser
I have a similar but a different issue. I have two servers with identical postgres.conf and pg_hba.conf. However one on version 9.2.3 and one on 9.2.4
9.2.3
pg_hba.conf has
local all dblinkuser trust
then I connect to database using any ordinary user
theater_map=# select dblink_connect('dbname=TheaterDB user=dblinkuser password=dbl123');
dblink_connect
----------------
OK
(1 row)
success in connection.
9.2.4
my pg_hba.conf has the same entry as above
theater_map=> select dblink_connect('dbname=TheaterDB user=dblinkuser password=dbl123');
ERROR: password is required
DETAIL: Non-superuser cannot connect if the server does not request a password.
HINT: Target server's authentication method must be changed.
NOW
I change my pg_hba.conf on 9.2.4 as below
local all dblinkuser md5
and restart postgres
theater_map=> select dblink_connect('dbname=TheaterDB user=dblinkuser password=dbl123');
dblink_connect
----------------
OK
(1 row)
I Checked the change log between versions 9.2.3 and 9.2.4 but could not find any details.
note: changing auth method from trust to md5 on 9.2.3 does not make any difference and still works.
I found this question googling for same error message, though I use fdw extension rather than db_link. Following steps helped to fix my problem:
find user has no password and set it on - alter user myuser with password 'mypassword'
find authentication method is trust and set it to md5 - vim /var/lib/postgresql/data_/pg_hba.conf
reload pg_hba.conf - SELECT pg_reload_conf(); from psql (log out and log in to verify password is required)
(optionally try access from remote machine, db browser etc.)
setup foreign server and its user mapping - CREATE USER MAPPING FOR CURRENT_USER SERVER myserver OPTIONS (user 'myuser', password 'mypassword');
PostgreSQL 11.10
SELECT ext.column1 from
dblink('hostaddr=192.192.192.192 dbname=yourDbname user=yourUsername password=yourpass',
'select a."column1" from "Table1" a where a."column2"=2')
as ext(column1 text)