I am having an issue where I forgot the password to the postgres shell when trying to login as postgres. I looked online and found several different things to do, but none of it worked. I have messed with the pg_hba.conf file but even with that change, it is not working. Here is what my pg_hba.conf file looks like.
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL
# listen on a non-local interface via the listen_addresses
# configuration parameter, or via the -i or -h command line switches.
# CAUTION: Configuring the system for local "trust" authentication
# allows any local user to connect as any PostgreSQL user, including
# the database superuser. If you do not trust all your local users,
# use another authentication method.
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Allow replication connections from localhost, by a user with the
# replication privilege.
host replication all 127.0.0.1/32 trust
host replication all ::1/128 trust
and then i ran the follwoing command:
brew services restart postgres
and I keep getting the following error:
omars-MacBook-Pro:postgres omarjandali$ psql -U postgres Password for user postgres: psql: error: could not connect to server: FATAL: password authentication failed for user "postgres"
Anyone know how to fix this issue.
It looks like your command psql -U postgres is attempting to make a socket connection, however you've only got trust authentication set up for TCP/IP connections on localhost.
Try psql -h localhost -U postgres.
Alternatively, add a line to pg_hba.conf setting up trust authentication for socket connections:
host all all trust
and restart PostgreSQL (though you don't actually need to restart it, pg_ctl -D /path/to/data-directory reload should work if you know the actual data directory path).
Related
I just create a user and new database on my local machine.
sudo su - postgres -c "createuser gauthier"
sudo su - postgres -c "createdb local-ag-db"
Then:
$ sudo -u postgres psql
sudo -u postgres psql
psql (11.9 (Debian 11.9-0+deb10u1))
Type "help" for help.
postgres=# grant all privileges on database "local-ag-db" to gauthier;
GRANT
I can access the database locally through a socket:
$ psql local-ag-db gauthier
psql (11.9 (Debian 11.9-0+deb10u1))
Type "help" for help.
local-ag-db=> \conninfo
You are connected to database "local-ag-db" as user "gauthier" via socket in "/var/run/postgresql" at port "5432".
But I cannot access it through localhost:
$ psql -d local-ag-db -h localhost -U gauthier
Password for user gauthier:
psql: fe_sendauth: no password supplied
My guess is that while createuser accepted to create a user without a password, logging in through the host requires identification that this user cannot provide.
This is the default content of /etc/postgresql/11/main/pg_hba.conf:
# Database administrative login by Unix domain socket
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
local replication all peer
host replication all 127.0.0.1/32 md5
host replication all ::1/128 md5
I have tried adding this at the end of that file, after reading the included documentation:
host local-ag-db gauthier samehost peer
but that did not work (after a restart sudo /etc/init.d/postgresql restart), it even broke my Unix socket access:
$ psql local-ag-db gauthier
psql: could not connect to server: No such file or directory
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
I also tried this as last row of my config, with the same result:
host local-ag-db gauthier 127.0.0.1/32 peer
My questions:
how do I allow my local user to access the database through localhost?
how do I edit my conf file so that I don't break everything? (Unix socket method stops working when I add a rule)
On Debian.
You will need to add a line like:
host all all localhost trust
As you have no explicit rule currently it is dropping through to another catch all rule and prompting for authentication. Adrian's comment above is saying the same and likewise I don't suggest using trust outside of testing your connectivity - you really should assign a password and enforce it.
Adding entries to the pg_hba.conf needs care as the PostgreSQL will find the first match:
The first record with a matching connection type, client address, requested database, and user name is used to perform authentication. There is no “fall-through” or “backup”: if one record is chosen and the authentication fails, subsequent records are not considered. If no record matches, access is denied.
From https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
Regarding
Is the server running locally and accepting
connections on Unix domain socket "/var/run/postgresql/.s.PGSQL.5432"?
Looks like the restart may not have worked. Looks like no response rather than authentication failure.
Your server is not running. It never came back up when you tried to restart it, because you broke your hba. If you look in the log file, you should something like:
LOG: peer authentication is only supported on local sockets
FATAL: could not load pg_hba.conf
LOG: database system is shut down
Unbreak your pg_hba.conf and start the server again. Also, read your log files when you don't know what's going on. That is what they are there for.
You will need to choose a different method for authentication over localhost. ident is equivalent to peer, but it requires you to run the identd daemon on the server, and is not very secure for any addresses other than loopback ones.
Recently I'm using PostgreSQL9.2 both in Windows 10 and Redhat (Linux).
But now I'm little concern about PostgreSQL access authentication.
Late me explain...
When i first installed PostgreSQL in my system i used two different password for two log in role postgres (default) and adempiere (created). In Redhat i use to psql -h localhost -U postgres db_name and psql -h localhost -U adempiere db_name command. Sometime this command wants password sometime not.
Recently I have used ALTER USER postgres WITH PASSWORD 'new_password'; and ALTER USER adempiere WITH PASSWORD 'new_password'; command to change. But here is an another problem. After changed my password when i get database access with psql -h localhost -U adempiere db_name command, i can access with both old_passwod and new_password.
Now what can i do for Strong authentication in my Database both Windows 10 and Redhat (linux) ?
Here is part of my pg_hba.conf for reference:
# Put your actual configuration here
# ----------------------------------
#
# If you want to allow non-local connections, you need to add more
# "host" records. In that case you will also need to make PostgreSQL
# listen on a non-local interface via the listen_addresses
# configuration parameter, or via the -i or -h command line switches.
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all 192.168.2.151/32 trust
host all all 192.168.2.5/32 trust
host all all 192.168.2.6/32 trust
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres md5
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
To force password authentication for every connection, replace trust with md5 everywhere in pg_hba.conf and reload the server.
It is dangerously negligent to use PostgreSQL 9.2. Use a later version. For one, this will offer the more secure scram-sha-256 hashing method for password authentication.
I just installed PostgreSQL 9.2 server on an EC2 AMI instance. However I am not able to connect to it from the command prompt.
Moreover I see two directories in /var/lib: pgsql9 and pgsql92. The data directory in pgsql92 is empty and hence it looks like pgsql9 is the one that is getting used.
[root#ip-172-31-56-103 etc]# psql
Password:
psql: FATAL: password authentication failed for user "root"
[root#ip-172-31-56-103 etc]# sudo su - postgres
-bash-4.2$ psql
Password:
psql: FATAL: password authentication failed for user "postgres"
-bash-4.2$ psql -U postgres
Password for user postgres:
psql: FATAL: password authentication failed for user "postgres"
-bash-4.2$
pg_hba.conf
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
host all all 0.0.0.0/0 md5
# IPv6 local connections:
host all all ::1/128 ident
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 ident
#host replication postgres ::1/128 ident
postgresql.conf
listen_addresses = '*'
To work out which PG install you are using: ps -ef | grep pgsql. You will see for sure which binary, data directory and conf file is being used to give you some comfort.
Have you changed the pg_hba.conf from the default? If so, did you reload it? Something like sudo service postgresql reload should do it, depending upon your OS.
You might want to change the IPv6 local connection to use md5 as well.
Try adding -h localhost or -h 127.0.0.1 to your psql command: e.g. psql -h localhost -U postgres.
Check your postgres password to be doubly / triply sure.
Otherwise, check out the specific docs for your OSs installation. Sometimes apt or yum repos do some additional security configuration for you.
Finally, worst case, change all the pg_hba.conf auth methods to trust, then restart the database, logon, change the postgres password, logout, change the auth methods to md5, reload and try to logon again.
I have a AWS server which I can access using SSH with a .pem key.
Using valentina, i tried to access the postgres this way
I keep getting a failed Ident message.
I used that same .pem file and ssh into the server.
Used the same postgres user and password to access using psql client.
It works.
What do I need to do to make the Valentina Studio work as well?
UPDATE:
I have changed my pg_hba.conf to the following:
host all all * ident
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 ident
# IPv6 local connections:
host all all ::1/128 ident
I can run psql -U postgres on the postgres server.
I cannot run psql -h localhost -U postgres on the the postgres server.
UPDATE 2:
# "local" is for Unix domain socket connections only
local all postgres peer
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
This solves the issue
I keep getting a failed Ident message.
This suggests that you can in fact ssh in fine.
At a guess, your manual tests are along the lines of:
psql mydb
which will generally use a unix socket, which appears as local entries in pg_hba.conf.
By contrast your application will be connecting over TCP/IP, probably to a socket forwarded over ssh to localhost. This authenticates with host entries in pg_hba.conf.
So I think you're testing a different thing when logging in directly.
Try manually:
psql -h localhost mydb
i.e. force a TCP/IP connection to be used. You'll get the same error, and it's because of your setup in pg_hba.conf choosing ident as the auth method for host connections from localhost, and presumably there's no identd running or other mechanism to allow proper ident. You probably want to use md5 auth.
I have setup a Ubuntu VPS as per the railcast episode #335. I've worked through a few issues but can't get past the error above when starting Unicorn. I have been testing with this command to connect to the db since.
psql -U postgres -W
I have edited /etc/postgresql/8.4/main/pg_hba.conf as follows
# Database administrative login by Unix domain socket
local all postgres trust
# TYPE DATABASE USER CIDR-ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
It doesn't seem to matter what METHOD I use (trust, md5, password) the error is the same.
Any ideas would be appreciated.
Try using psql -U postgres -h localhost
As Per my setting plz use below setting can help this setting dear...
host all all 0.0.0.0/0 md5
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
You usually connect as the postgres user with sudo -u postgres psql. Note that sudo prompts for the current users password (unless you are root), not a user from the database.