I'm trying to connect to my database using Knex like so:
const client = knex({
client: 'postgresql',
connection: {
host: '127.0.0.1',
user: 'me',
database: 'my_db'
}
});
client('some_table').then(console.log);
When I created the database (using createdb my_db at the command line) I set no password. At the command line I can run psql -d my_db and it works just fine.
However, when I try to use Knex, I get an error:
Unhandled rejection error: password authentication failed for user "me"
This happens whether I set a null password, an empty string ('') password, or leave the field off of the configuration entirely.
Can anyone explain why Knex insists on failing password authentication ... when there is no password (and when I can connect without one at the command line just fine)?
PostgreSQL does not permit login based on the presence/absence of a password. Rather, all login authentication is handled via pg_hba.conf. In your particular case--creating the me user without a password (or using null or '', as you would describe it)--the absence of the password doesn't necessarily allow your user to log in. In fact, setting no password will not allow that user to log in unless pg_hba.conf was set to some password-less setting (i.e., peer or trust).
If you want password-less login for the me user (I assume for testing/development purposes, as having password-less login is not good security practice in production), you could simply set trust-level authentication in pg_hba.conf:
#conn_origin database user ip_mask auth_method
host all me 0.0.0.0/0 trust
The more secure method of implementing password-less authentication would be to use a .pgpass file or set the PGPASSWORD environment variable. Seeing that you are trying to use knex.js, you may be better off with tweaking pg_hba.conf as above. Again, I don't know what your intentions are, but please be safe out there ;)
Disclosure: I work for EnterpriseDB (EDB)
Related
So I forgot the password of the postgres user on my PostgreSQL server. I then changed all the md5 settings in the pg_hba.conf file to trust, restarted the server and then changed the password of the postgres user using ALTER USER postgres.... Now I changed the trust settings back to md5, restarted the server again, but when I now want to perform psql -U postgres it immediately returns an error:
psql: FATAL: password authentication failed for user "postgres"
password retrieved from file "/root/.pgpass"
without asking me to enter any password. The .pgpass file has the following line in it:
*:*:*:postgres:SOME_HASH
EDIT:
Somehow this only appears when logging in as root to my server... With my other user it works just fine...
The immediate solution is to remove the .pgpass file that contains the wrong password. If you didn't create that file yourself, odds are that pgAdmin did that for you when you told it to save the password.
If you specify '-W', then psql will prompt you for a password and ignore the .pgpass file. But why not fix .pgpass, or if you aren't using it, then remove it?
I am following a tutorial on how to create a to do app with PERN stack.
(working on ubuntu 18.4, postgres version 12.3)
I did install the PostrgreSQL, server is running on 5000 and I am able to enter to the database from the command line with "psql -U postgres" but when I try to connect database with the server I am getting this error: password authentication failed for user "postgres".
I was not asked to give any password to the user "postgres" while instalation so I left the password in the db file empty.
My db file looks like this:
const Pool = require("pg").Pool;
const pool = new Pool({
user: "postgres",
password: "",
host: "localhost",
port: 5432,
database: "perntodo",
});
module.exports = pool;
what can I co?
I did set the postrgres authentication in pg_hba.conf file from peer to trust as I found in another issue on stockoverflow, but the error keeps appearing.
The immediate fix would be to eliminate:
host: "localhost"
from your connection settings. This would force the connection to be made on local which would be equivalent to what you are doing with psql -U postgres.
The longer term fix would be to use psql -U postgres to connect and then ALTER ROLE postgres WITH PASSWORD '<some_pwd>'. This would give this ROLE a password. You can do this with other roles that already exist by using ALTER or when you CREATE a new role in the create statement.
The connection authentication methods are controlled by the pg_hba.conf file. A full explanation of what it does is available here:
https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
If the above does not answer all your questions then come back with specific concerns.
Don't use user postgres to connect your application to PostgreSQL.
Create separate user for application.
Grant to application user strict permissions only for schemes and tables what it need access.
Add pg_hba.conf record for application user
Enjoy
If I go as per your error message, then you need to reset postgres password. And I believe the default isnt working or you might have forgotten after resetting it.
Please follow below tutorial for resetting password:-
https://docs.bitnami.com/aws/infrastructure/postgresql/administration/change-reset-password/
or refer the answer for below:-
What is the default password for Postgres
I'm using PostgreSQL for the first time and I am not familiar with it. When I start pgadmin and enter master password and when I want to connect to postresql and again enter same password following error pops up:
could not connect to server: could not initiate GSSAPI security context: The operation or option is not available
could not initiate GSSAPI security context: Credential for asked mech-type mech not found in the credential handle
FATAL: password authentication failed for user "postgres"
Whats the problem here?
I just had the same issue and below is how I solved it. Because you don't have a default password for the user 'postgres', you will need to set one first, like this :
Connect to the terminal as the user 'postgres' with the current admin credential (thanks sudo)
sudo -u postgres -i
Connect to the database 'postgres'
psql postgres
(optional) If the psql command is not found, you can the PostgreSQL bin path to your $PATH like this :
export PATH=$PATH:THE_PATH_TO_POSTGRESQL_BIN_FOLDER
# Example : export PATH=$PATH:/Library/PostgreSQL/12/bin
Change the password of the user 'postgres'
--- Do not forget to my_password with the desired password
ALTER USER postgres PASSWORD 'my_password';
In the pgAdmin windows, try to connect with this new password, it should work.
It is ridiculous but my solution after many trial was very very simple.
Problem seems that password is not match or connection problem. So, first make sure your password is definitely correct. You might think you enter exact same but it might be not. I tried to wrote a password to somewhere else that i can see it is correct.Then, i copied that and paste it to setup where you put your new password. Ofcourse you have to remove postgre completely for this to try.
When setup is completed, if you tried and didn't work again, then delete Postgre server and create new one. Just enter server name, connection address and password and save. if this one also not work successfully,maybe you should check if the chosen port number is alive or not for postgre server.
Sorry for that answer is not visual and some english mistakes. I just wanted to wrote really fast. Good luck :)
I imported a postgres database in my local postgres server.
I had to connect to the database (to allows django to retrive data) using the file called setup.local.
There is required to specify: DB_HOST=localhost, DB_NAME, DB_USER, DB_PASSWORD.
DB_HOST is localhost without any doubt. The DB_name is the one I choose importing (psql imported_db < downloaded_DB)
DB_USER is my_name (or I can change the owner ALTER DATABASE imported_db OWNER TO other_name).
The wire thing, for me, is that I have to use the user (either the my_name or other_name) password and not the database password (even if the variable name is DB_PASSWORD).
So the question:
does a psql database have a password or just the roles/users have ones and use them to access the database?
Andrea
Passwords are set for USER and ROLE only. A user may access multiple databases, according to the GRANTs for the ROLE.
See also:
https://www.postgresql.org/docs/10/static/ddl-priv.html
https://www.postgresql.org/docs/10/static/client-authentication.html
https://www.postgresql.org/docs/10/static/user-manag.html
DB_HOST=localhost is a key here. Look into the pg_hba.conf you will find ident against localhost connections most probably.
https://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-IDENT
When ident is specified for a local (non-TCP/IP) connection, peer
authentication (see Section 20.3.6) will be used instead.
https://www.postgresql.org/docs/current/static/auth-methods.html#AUTH-PEER
The peer authentication method works by obtaining the client's
operating system user name from the kernel and using it as the allowed
database user name (with optional user name mapping). This method is
only supported on local connections.
I am trying to set my local postgresql so it does not have a password. I understand that this has to be done in the pg_hba.conf file and to acceess that file I have to be a postgres user. But to be a postgres user, I have to login with su postgres and enter the password that I don't have.
Any solution to this (I am on OSX)?
You're confusing several different concepts about the security model.
There is a postgres operating system user, which the PostgreSQL server runs as in order to isolate its data files and to limit damage in case of a security breach or application bug. PostgreSQL won't run as root for security. This user doesn't generally have a password, but you can change to it via the root account using sudo - you can sudo to this user with something like sudo -i -u postgres.
There is also a postgres database user, the default database superuser. This user doesn't generally have a password by default, but pg_hba.conf allows the postgres operating system user to connect as the postgres PostgreSQL user using peer authentication.
If you want you can change the configuration so that you use a password for the postgres database user, so you can psql -U postgres from any system user account:
ALTER USER postgres WITH ENCRYPTED PASSWORD 'blahblah';
Edit pg_hba.conf ("hba" is "host-based authentication") to use md5 authentication for local and host connections.
Re-start or re-load PostgreSQL
Similarly, if you want to allow any system user to connect as any database user without a password, you must modify pg_hba.conf and set trust as the authentication mode for local and host connection types. Please only use trust authentication for testing.
To learn more, see the client authentication chapter in the PostgreSQL documentation.