psql: FATAL: PAM authentication failed for user " " aws rds Postgresql - postgresql

I want to connect to aws rds POSTGRESQL in dev from my own computer.
I followed all the steps on how to do it from bunch of articles:
https://aws.amazon.com/premiumsupport/knowledge-center/rds-postgresql-connect-using-iam/
https://aws.amazon.com/blogs/database/using-iam-authentication-to-connect-with-pgadmin-amazon-aurora-postgresql-or-amazon-rds-for-postgresql/.
The problem is if I create the database in aws console interface, I am able to log in ONLY once.
psql -h database.xxxxxxxx.us-west-2.rds.amazonaws.com -U user_name -d database
Other times I try to log in with the same any other command, I get
psql: FATAL: PAM authentication failed for user "user_name"
First and only time I login, I create a user
CREATE USER user_name WITH LOGIN;
GRANT rds_iam TO user_name;
All other attempts including the other steps logging with the iam token etc, I get an error:
psql: FATAL: PAM authentication failed for user "user_name"
If I delete the database from aws console interface and then create a brand new one, I am able to log in only ONCE and and then get the error no matter what I do.
nc Command gives me Connection succeeded at all times I run it:
nc -zv DB-instance-endpoint port
The commands I am using :
export RDSHOST="database.xxxxxxxx.us-west-2.rds.amazonaws.com"
export PGPASSWORD="$(aws rds generate-db-auth-token --hostname $RDSHOST --port 5432 --region us-west-2 --username user_name)"
I get the error if I use the PGPASSWORD in pgAdmin window.
Also, I am trying to connect from the the terminal either mine or ssh into ec2, I use this command:
psql "host=$RDSHOST port=5432 sslmode=verify-full sslrootcert=./rds-combined-ca-bundle.pem dbname=database user=user_name"
and I still get the same error
psql: FATAL: PAM authentication failed for user "user_name"
or
If I use another command, without the .pem certificate
psql --host=database.xxxxxxxx.us-west-2.rds.amazonaws.com --port=5432 --username=user_name --password --dbname=database
Then it asks me for a password and Then I get this error
psql: error: FATAL: PAM authentication failed for user "user_name"
FATAL: pg_hba.conf rejects connection for host "222.22.22.22", user "user_name", database "database", SSL off
"222.22.22.22" is My Ip, I changed it of course.
I attached all the required and all the RDS access Policies to my user and still getting this error.
I am just no sure what to do at this point as I went through every single article and cannot find a solution.

I had a similar problem and after some playing around with psql utility I found the reason for these errors. You shall export your temporary database password/token to shell of the machine/service etc where the connection will be initiated from.
So, if psql connection is initiated from Bastion, the below command should also be run on the same Bastion server.
export PGPASSWORD="$(aws rds generate-db-auth-token --hostname $RDSHOST --port 5432 --region us-west-2 --username user_name)"
or generate it elsewhere and export its value as
export PGPASSWORD="temporary_token_generated_for_user_name"
With this exported $PGPASSWORD variable, it psql should connect straight away, without promting for any additional passwords

I found the solution finally. So if anyone has the same issue and goes nuts about it, here is the solution:
If everything is working as I described above and the only error you get is PAM.. then:
your config file is not properly set up. It does not have the username you are trying to connect, the region, and the keys.
~/.aws/config
[profile PROFILE_NAME]
output=json
region=us-west-1
aws_access_key_id=foo
aws_secret_access_key=bar
Here is the link to the question on how to set it up:
AWS : The config profile (MyName) could not be found

Related

Password authentication failed for user

I am having a problem trying to run psql on my MacOs. The psql command returns the following error:
psql: error: connection to server on socket "/tmp/.s.PGSQL.5432" failed: FATAL: password authentication failed for user "luicruz"
How could I fix this?
I try to put my sudo password when the terminal request me the password, but it didn't work. The only password that works is for the default user "postgres" that I set the password when I install the app on my system.
I don't know why the user 'luicruz' was automatically created, I didn't create this user or set a password for this user.
And now I can't use the psql command.
Below is an image showing the login/Group roules of the Pg Admin 4 and also the return of the commands in the terminal
The problem is that the psql command needs to be used in addition to the database name, and I didn't know that. After creating the database, I was able to use the command apart from the psql command.

Unable to execute postgres command

I'm having difficulty changing the password associated with the postgres user after installing postgres on my windows 10 machine. My apologies in advance as I'm quite unfamiliar with postgres as well as the commands required to work with it.
I've referenced the approved answer in the below article:
FATAL: password authentication failed for user "postgres" (postgresql 11 with pgAdmin 4)
I'm stuck on the step that requires me to
Connect using psql or pgAdmin4 or whatever you prefer
Run ALTER USER postgres PASSWORD 'fooBarEatsBarFoodBareFoot'
I don't quite understand this step. I've taken the following steps
Open cmd
run psql
The system then asks me for password for username jason. Regardless of what I enter, i get the following message:
psql: error: could not connect to server: FATAL: password authentication failed for user "jason"
At no point do I have an opportunity to enter the following command:
ALTER USER postgres PASSWORD 'fooBarEatsBarFoodBareFoot'
How can I run this command without being asked to enter a password for postgres?
Thanks!
The steps below require that you remember what you did when you installed PostgreSQL.
Locate the data directory where the installation process created the database cluster. By default, that would be a subdirectory of where you installed the software (which is a bad place)
Edit the pg_hba.conf file therein and add this line on top:
host postgres postgres 127.0.0.1/32 trust
Reload or restart PostgreSQL.
Start cmd.exe and enter
psql -h 127.0.0.1 -p 5432 -d postgres -U postgres
If psql is not on your PATH, use the absolute path C:\...\psql.
Use \password to change the password.

PostgreSQL: FATAL: password authentication failed for user "postgres"

I have a ThingsBoard Professional Edition setup using AWS EC2 instance. The database is PostgreSQL-12. I tend to get the following error: FATAL: password authentication failed for user "postgres" FATAL: password authentication failed for user "postgres" when trying to log into the remote database server on pgAdmin4.
Here is a screenshot of the error shown when attempting to log in to server created on pgAdmin4.
Here is how I configured the remote database server (where Host name/address is the Public IPv4 of my EC2 instance).
In postgresql.conf, I have replaced the line listen_address='127.0.0.1' with listen_addresses='*'.
In pg_hba.conf, I added host all all 0.0.0.0/0 md5.
Here is a screenshot of my pg_hba.conf file:
I have also set the password for the user 'postgres' using the psql command #\password.
Here is what is shown in thingboard.log when I run the command:
cat /var/log/thingsboard/thingsboard.log | grep ERROR
Partial screenshot of /var/log/postgresql/postgresql-12-main.log shows the following:
I constantly have to use #ALTER USER postgres PASSWORD ‘<password>’; to be able to overcome this error but the error tends to return when I restart my local Windows machine.
That must be done by some software other than PostgreSQL.
Configure logging by setting log_statement = 'ddl' in postgresql.conf and restarting the database. Then you can more easily figure out when and by which software your password gets changed.
Additionally, configure pg_hba.conf to not allow passwordless connections from anywhere, then change the password. You may see some component start to complain - that component may be at fault.

AWS EC2 Postgres authentication failed

I did setup Postgres-12 on Centos AMI EC2, It works well.
However, Sometimes (my case is the next day) I can not connect my DB by trying
$psql -h XXXX -p5432 -Upostgres
A authentication failed error
psql: error: could not connect to server: FATAL: password authentication failed for user "postgres"
Next, I change my postgres user again by
$sudo su - postgres
~]$ psql -c "alter user postgres with password 'postgres'"
The connection login become work.
But sometimes it become not work again (same above authentication failed)
I reset postgres password the same above command => The connection login become work.
It repeats #2
I don't know why. Does anybody know that? What should I do?
I realize that the my Postgres use very much CPU (%CPU: 99%).
hat could be solution to this problem. I would appreciate any suggestions.
Thank you

How to run postgresql from Command line and know available Databases in Windows

I am very new to postgreSQL and struggling to create a connection in my Eclipese.
Here is what I have done till now:
Installed DBeaver plugin for eclipse from marketplace.
Installed PostgreSQL version 10 from https://www.postgresql.org/download/windows/
Now I attempt to create a connection in Eclipse but I get an error "FATAL: password authentication failed for user "testuser"
I checked through a similar thread (
Getting authentication failed error with postgresql from command line
) but could not resolve the issue.
Could you please help.
To connect the PostgreSQL via Command line you have to install a PostgreSQL provided tool called "psql" if not installed already.
Then use the below command to connect to PostgreSQL database.
psql -h localhost -p 5432 -U postgres
Explanation:
localhost: is the hostname of machine where PostgreSQL is installed.
5432 : is the default PostgreSQL port
postgres : is the username of to connect to DB
Solution for your issue:
FATAL: password authentication failed for user "testuser"
As error message specified, either user not exists on database or the password that you supplied to connect is incorrect. Re-verify your user and password, and try again.
All the best.