PostgreSQL user account has unknown password by default - postgresql

I just installed PostgreSQL 13 on Windows 11. When I run the command psql by default it uses the user aaron, the name of my Windows user account. However, it asks me for a password. I have tried all passwords associated with my Windows account as well as the default password I set for the user postgres, none of which worked. I was able to log in with psql -U postgres, and I ran the command \du, and there was only one role in the list, postgres. Later I created the role aaron without specifying a password, but it still asks for a password.
So, did the user aaron exist initially or not? If not, then how was it the default user when I ran the psql command? What is the password for this user?

So, did the user aaron exist initially or not
No, it did not. The only user that is created when installing Postgres (or more precisely: when running initdb) is postgres.
If not, then how was it the default user when I ran the psql command
Quote from the manual
The default user name is your operating-system user name, as is the default database name
psql simply uses the operating system user as the default username to connect to the server. It knows nothing about the database user(s) until it tries to connect with a specific username and potentially password.
You can set a different default through the (Windows) environment variable PGUSER
Later I created the role aaron without specifying a password, but it still asks for a password.
Whether or not a password is required is controlled through pg_hba.conf

When you run psql command and don't provide a username it considers (that the current system user which in your case is aaron) is the user you want to use to login and hence you see a user which really don't exists.
Now regarding the password you might want to check a file generally named as pg_hba.conf which hold the essentials of who can connect (IPs) what username can he have and should that user be asked for password.
Now generally you will find answers saying that find this file and write down trust everywhere (which basically means if some specific user from a specific IP access this database of replication then don't ask for a password and let him enter), which you should not do until and unless you are utterly sure the postgresql server is just just local and has no real-time purpose.
So concluding you want to create a user with some encrypted password and then provide necessary privilege.
P.S: I have tried all these on a linux machine, but the server configurations are more or less same.

It's worth pointing out that PostgreSQL has it's own users and permissions independent of the OS. Some installers will automatically create a postgres OS user. I'm not sure what Windows does.
It seems that PostgreSQL can do Windows authentication. See this question for details on how to configure that.
As #a_horse_with_no_name has said, connection configuration is controlled by pg_hba.conf

PostgreSQL tries not to leak information about its users, so the failed-authentication attempt is not given much information about why it failed.
If you look in the server's log file, rather than the clients, you should first see messages about 'aaron' failing to authenticate because the user does not existing, and then (after you create it) about it failing to authenticate because it has no password assigned.
When you created the user, you should have assigned it a password if you wanted to use a password. Or as a superuser in psql, create it without a password and then assign one with \password aaron That way the password won't be visible on the screen, or in the log files.

To give a concise, direct answer:
right click on Windows icon and click “System”.
scroll down to “Advanced System Settings”.
click Environment Variables.
in “System variables”, click “New”.
Set Variable Name to PGUSER and Variable Value to postgres.
Or, in cmd: set PGUSER=postgres, which also sets it globally.
go to "Services" (in Task Manager), and restart the "postgresql-X64" service.

Related

Change the default role when using 'psql'

Whenever I write psql in the cmd, it automatically asks the password for a user name 'Master'.
Now, I don't have a user named that way so I don't have a password for it.
I don't see it happening anywhere else.
What I do want is, whenever I write psql, it will use the 'postgres' user instead of the non-existing 'Master' one.
Also, I see people in tutorials just writing psql and it doesn't ask them for the password. So, I would like to do that as well.
Thanks in advance

Password not working after typing psql in command prompt

I'd like to learn how to use postgres, so I just installed it, set my password, and added the \bin and \lib directories to my system path. I then ran psql in the command line, typed the password that I just set when I was prompted, and now I receive this error:
psql: error: FATAL: password authentication failed for user "me"
I don't understand why that happened. Any ideas? I am using windows 10.
The windows installer asks you to specify the password for the super user named "postgres". But if you just type psql, you are trying to log in as the PostgreSQL which has the same name as your windows OS user. But that PostgreSQL user probably doesn't even exist, much less have the same password as you specified upon installation.
So the first time you log in, you have to tell it to log in as the initial superuser, with -U postgres. Once logged in, you can create a user named 'me' (create it with a password--possibly the same as the first password you assigned, although generally they would be different), and a database named 'me'. From them on, you could log in as this new user to this new database, just by typing psql and then giving the password when it asks.
In general, the initial user and the initial database are only used for maintenance operations. Other tasks should be done with the users and in the databases you set up after the first time you log in. This isn't "the law" of course, it is just "a good idea".

How to change the default username a postgresql db is connecting to?

I've seen posts that describe how to set postgresql server to connect to your own user but I could not find any posts that describe how to make psql connect to the default postgres user instead by default. In my case, right after installation when I open up psql, it connects to the username with the name same as my windows user instead of the postgres user that I want it to connect to.
As documented in the manual you can define an environment variable PGUSER which is used instead of your Windows user as the default user for all Postgres command line tools.
You can create a psqlrc.conf file with following data:
\c <database> <user>
Doc says:
The user's personal startup file is named .psqlrc and is sought in the
invoking user's home directory. On Windows, which lacks such a
concept, the personal startup file is named
%APPDATA%\postgresql\psqlrc.conf. The location of the user's startup
file can be set explicitly via the PSQLRC environment variable.

Setting password for PostgreSQL user doesn't work

I'm stuck.
The task: I need to have a certain Postgres user to own certain database with predefined password. Basically, I just don't want to maintain separate development settings for Django project apart from those present in our project's repo.
Prerequisites: PostgreSQL 9.1 on Ubuntu, database 'project' which has the owner 'project'. The 'project' user is seems to be also superuser, and should have the password 'project'. Of course there are fake names, just because of NDA. Note: I'm able to log in as 'postgres' user, that's how I use the database right now.
The problem: I tried a set of ways, mostly obvious which can be found here on Stackoverflow or in Google, to set a password to this user, but still having 'password authentication failed' message (see below).
What I've tried:
setting up password via PgAdmin
setting up password through ALTER ROLE project WITH PASSWORD 'project'
changing settings in pg_hba.conf, tried local all project peer, local all project md5
Maybe I'm missing something straightforward, please let me know.
Thanks!
UPDATE:
Here is a screenshot for this user from login roles pane -
See that part at the bottom of your screenshot:
.. VALID UNTIL '1970-01-01 00:00:00:
or the "Account Expires" field above
That expiration date is wrong and explains why this account can't login.
Presumably you've been bitten by the pgAdmin bug mentioned here:
Postgres password authentication fails
TL;DR solution: ALTER USER username VALID UNTIL 'infinity';
(and of course update pgAdmin).
Is the LOGIN attribute set in your role? CREATE ROLE does not set this attribute by default. See: http://www.postgresql.org/docs/9.1/static/role-attributes.html

default postgres user and password

I'm just new to postgresql db management.
I've been playing around with a db that I didn't create.
Trying to understand the different roles that have been created.
Does the fact that I can log in doing the following mean that the postgres user has no password set up?
psql -U postgres
I did a
`select * from pg_roles`
and I can see that there is a password set.
I found this article: http://www.postgresql.org/message-id/4D958A35.8030501#hogranch.com
which seeme to confirm that the postgres user is there by default...
and you have to explicitly set a password. It's the second part about the password that I'm not sure about. Is it blank by default or set to something?
I know that if pg_hba.conf is set to trust everything from 127.0.0.1, then you can log in from the local server without specifying a password. That might be what's happening in my case... i will test by changing the pg_hba.conf file...
But it'd be nice to know what the default password is for postgres user.
Thanks.
pg_roles is not the view that can tell whether a user has a password or not, because the password field is always set to ******** no matter what.
This comes from the definition of this view (taken from version 9.3):
select definition from pg_views where viewname='pg_roles';
Result:
SELECT pg_authid.rolname,
pg_authid.rolsuper,
pg_authid.rolinherit,
pg_authid.rolcreaterole,
pg_authid.rolcreatedb,
pg_authid.rolcatupdate,
pg_authid.rolcanlogin,
pg_authid.rolreplication,
pg_authid.rolconnlimit,
'********'::text AS rolpassword
pg_authid.rolvaliduntil,
s.setconfig AS rolconfig,
pg_authid.oid
FROM (pg_authid
LEFT JOIN pg_db_role_setting s
ON (((pg_authid.oid = s.setrole) AND (s.setdatabase = (0)::oid))));
Note how the rolpassword column is hardcoded to reveal nothing (We may wonder why it's there at all. Maybe for backward compatibility?)
On the other hand , there is a pg_shadow view that displays passwords as they're stored, in a column named passwd. This view is only readable by a superuser (typically: the postgres user).
Example:
create user foo unencrypted password 'foopassword';
create user bar encrypted password 'foopassword';
select usename,passwd from pg_shadow where usename in ('postgres','foo','bar');
Result on a vanilla Debian install:
usename | passwd
----------+-------------------------------------
postgres |
foo | foopassword
bar | md50390570d30cb9a2f9cb7476f0763cf51
Initially the postgres password is often empty, except on Windows for which the installer tends to ask for it. On Unix, pg_hba.conf is often set up such that only the OS user postgres may log in as the database user postgres through Unix socket domains without a password. This is reasonable as a default security policy. Windows doesn't have Unix domain sockets, and the most recent versions of the installer don't even use a postgres OS user, so it makes sense that it implements a different default security policy.
If a password is blank and the pg_hba.conf requires a password for the particular database/user/origin of an incoming connection, then the connection is rejected. There's no difference between a blank password and a lack of password.