i want to give read only access to a user in my Postgres database.
I have created the user and gave read access to certain schema's and add his IP in pg_hba.config file,but the issue is that the user don't have a particular IP ,today he connects from a different IP and get's the same error.So adding the IP to pg_hba is not an option.
FATAL: no pg_hba.conf entry for host "67.xxx.xxx.53", user "abc_read", database "postgres", SSL on FATAL: no pg_hba.conf entry for host "67.xxx.xxx.53"
So is there a way to give access via SSH Key or certificates, not sure how certificates works in postgres?
can anyone give me a hint/suggestion on this?
Related
I'm using Postgresql, and I have a database named django_db and a user manuel. I want to connect to this database by this user, I tried this \c django_db manuel but I get this error:
FATAL: Peer authentication failed for user "manuel"
Previous connection kept
How can I solve this problem?
Make sure the user manuel has access to the database django_db in the pg_hba.conf file, e.g.
host django_db manuel your_ip_adress md5
Or if you prefer to give this user access to all databases
host all manuel your_ip_adress md5
After modifying your pg_hba.conf you have to either restart postgres or simply reload the file using the following function:
SELECT pg_reload_conf();
Unless you have a user mapping in place, only the OS user named 'manuel' can connect as the PostgreSQL user named 'manuel'. This is what "peer authentication" means.
You have many choices here. Try this as an OS user named 'manuel', or change from peer to some other type of authentication (in pg_hba.conf), or create a pg_ident.conf file (and then configure pg_hba.conf to use it) that allows the OS user you actually are to login as PostgreSQL user 'manuel'.
I have the following code which connects to a database on my remote server (the connection script resides on the same server):
Database::$ErrorHandle = new PDO('pgsql:host=111.222.33.44;dbname=mydatabase;', 'postgres', 'mypassword', $db_settings);
The problem is I can change the password to be anything at all and the connection is still made! Like seriously what the hell!?!
Can my database be connected to (providing you know the IP and db name) by anyone from a PHP script running on a different server?
How can I enforce passwords, I have looked at the following stack overflow page and did what they said but still no luck:
How to change PostgreSQL user password?
I am running Ubuntu 12.04 server with PHP 5.5 and Apache2
Off course your postgresql database can be properly configured to only connect with authenticated users even certain users (Roles in Postgres) from certain IPs/sockets.
Some considerations:
Do you see data? Or can you just connect to the server? Can you list the databases?
Look at your pg_hba.conf and setup the proper permissions, per role per database per source
Did you grant access to the mydatabase to everyone? Which roles did you grant access?
Does the database have its tables in the public scheme? And granted access to the public?
Yes, with this configuration everyone who knows your IP and database name can connect to your database.
Hello i am a beginner to postgresql, I am unable to connect Postgresql database on linux system from windows through pgadmin client . I am getting the following error
FATAL: no pg_hba.conf entry for host "192.168.1.42", user "postgres", database "postgres", SSL off
Kindly suggest me how to do.Thanks in advance
On the db server, edit your pg_hba.conf file and add a line similar to this:
host all all 192.168.1.42/32 md5
If you don't want to use a password (I won't get into the security aspects), you can switch the "md5" for "trust". If you only want to allow the postgres user access to the postgres maintenance database, then switch both "all" words with "postgres" (no quotes).
You'll need to reload the config files after making any changes.
Eg.
pg_ctl reload
or
select pg_reload_conf(); -- as the superuser
If you don't know which pg_hba.conf file your database cluster is using, if you can connect to any of the databases, issue select current_setting('hba_file');
by default, postgresql deny all connexion if it's not from "localhost"
here is a link for you :
https://wiki.debian.org/PhpPgAdmin
I am trying to set my local postgresql so it does not have a password. I understand that this has to be done in the pg_hba.conf file and to acceess that file I have to be a postgres user. But to be a postgres user, I have to login with su postgres and enter the password that I don't have.
Any solution to this (I am on OSX)?
You're confusing several different concepts about the security model.
There is a postgres operating system user, which the PostgreSQL server runs as in order to isolate its data files and to limit damage in case of a security breach or application bug. PostgreSQL won't run as root for security. This user doesn't generally have a password, but you can change to it via the root account using sudo - you can sudo to this user with something like sudo -i -u postgres.
There is also a postgres database user, the default database superuser. This user doesn't generally have a password by default, but pg_hba.conf allows the postgres operating system user to connect as the postgres PostgreSQL user using peer authentication.
If you want you can change the configuration so that you use a password for the postgres database user, so you can psql -U postgres from any system user account:
ALTER USER postgres WITH ENCRYPTED PASSWORD 'blahblah';
Edit pg_hba.conf ("hba" is "host-based authentication") to use md5 authentication for local and host connections.
Re-start or re-load PostgreSQL
Similarly, if you want to allow any system user to connect as any database user without a password, you must modify pg_hba.conf and set trust as the authentication mode for local and host connection types. Please only use trust authentication for testing.
To learn more, see the client authentication chapter in the PostgreSQL documentation.
I'm pretty new to PostreSQL. I've spent all morning trying to get user logins working properly, and I'm terribly frustrated by now!
So, I have a PostGIS database, version 9.2, as part of the OpenGeo suite of software. I could access the database with the postgres user, but want to make a group role and user with access to a database so that it can create tables and update/select/delete etc. in that database.
I can create a user, that works, and I can login with that user. I can create a group role and assign privileges to the role. I can then add the user to the group role, and then can NO LONGER LOGIN!
It even got so that when I added the user postgres to the group, that user can't login. I remove the group but the inability to login persists.
Now, I have played with pg_hba.conf a lot. And I can now login as postgres, but only if 'trust' is enabled, and I can't login with any software, such as PGAdminIII.
It would be great to get some advice as to what is going wrong, and to enable authenticated logins again.
pg_hba:
Code:
# Database administrative login by Unix domain socket
local all postgres trust
local all gisadmin trust
# TYPE DATABASE USER ADDRESS METHOD
local all opengeo md5
local all opengeo md5
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
host all gisadmin localhost trust
# IPv6 local connections:
host all all ::1/128 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5
Just as a final note, I would like to be able to login via a SSH tunnel. I could do that originally with the 'postgres' user, but now that I added and removed that user from a group, I can't.
Edit: the error messages...
If I login via SSH tunnel in PGAdmin with the correct password, I get the error "FATAL: password authentication failed for the user ..."
If I try to login via SSH tunnel in PGAdmin without a password, while the trust option is set, I get the error: "error connecting to the server: fe_sendauth: no password supplied".
The first error still happens when logging in locally, just via SSH and psql, but the second one goes away and I can log in.
output of \du+:
output of \dg+
I think this behaviour may be related with pgAdminIII, because i'm having similar issues and it seems every time i connect to my db as postgres using pgAIII and look at the definition tab in user properties, the check box for the "expiring date" is checked and either 1/1/1970 or 31/12/1969 are set as expiring date. The solution proposed by Daniel works, so it's obvious the problem is the expiration of the password.
Seems that this bug was corrected in pgAdmin 1.16.2 as you can see in the changelog:
http://www.pgadmin.org/development/changelog.php
Cheers
In the \du+ output, the Password valid until 1970-01-01 00:00:00+00... look quite suspicious. Strictly speaking, the passwords for gisadmin, postgisrw and postgres are no longer valid so that might explain why password-based authentication methods fail for these accounts.
You may try ALTER USER username valid until 'infinity' on these accounts and see if that solves the problem.
Also when connecting to PG through a SSH tunnel, be aware that the pg_hba.conf entries starting with host are ignored. These entries are only considered for connections to Unix domain sockets. Sometimes users confuse that with connections from localhost to itself.