I'm trying to setup a pgbouncer pool that connects to the database using a pool definition that includes a user and password.
Subsequently each client application should connect using a different user and password. The idea is that one pool is shared by multiple client users.
Is that possible?
Here's my setup:
pgbouncer.ini
[databases]
testpool = host=testpool.mycompany.com dbname=db1 port=544 user=company_dbo password=company123 max_db_connections=20
[pgbouncer]
auth_type = plain
auth_file = /etc/pgbouncer/users.txt
users.txt
"test_user" "test123"
When I try to connect I get below error
$ export PGPASSWORD='test123';psql -h localhost -U test_user -d db1 -p 5442
psql: ERROR: password authentication failed for user "test_user"
And the logs say
2019-03-03 16:04:02.668 1 LOG C-0x2022000: db1/test_user#172.17.0.1:33204 login attempt: db=db1 user=test_user tls=no
2019-03-03 16:04:02.719 1 LOG S-0x2026fd0: db1/test_user#10.1.0.118:5442 new connection to server (from 172.17.0.2:58920)
2019-03-03 16:04:02.762 1 WARNING server login failed: FATAL password authentication failed for user "test_user"
It appears that pgbouncer tries to login to the database using the client user and password, rather than the user and password specified in the [databases] section.
auth_file is used to authenticate the user with pgBouncer, not to provide a different password for use with the database. pgBouncer will use the password it received from the client to log into PostgreSQL.
I don't know what problem you are trying to solve this way, but perhaps you can use trust authentication between pgBouncer and PostgreSQL and leave the burden of authentication entirely with pgBouncer.
There is no way to “change identity” in pgBouncer.
Related
I want to connect to aws rds POSTGRESQL in dev from my own computer.
I followed all the steps on how to do it from bunch of articles:
https://aws.amazon.com/premiumsupport/knowledge-center/rds-postgresql-connect-using-iam/
https://aws.amazon.com/blogs/database/using-iam-authentication-to-connect-with-pgadmin-amazon-aurora-postgresql-or-amazon-rds-for-postgresql/.
The problem is if I create the database in aws console interface, I am able to log in ONLY once.
psql -h database.xxxxxxxx.us-west-2.rds.amazonaws.com -U user_name -d database
Other times I try to log in with the same any other command, I get
psql: FATAL: PAM authentication failed for user "user_name"
First and only time I login, I create a user
CREATE USER user_name WITH LOGIN;
GRANT rds_iam TO user_name;
All other attempts including the other steps logging with the iam token etc, I get an error:
psql: FATAL: PAM authentication failed for user "user_name"
If I delete the database from aws console interface and then create a brand new one, I am able to log in only ONCE and and then get the error no matter what I do.
nc Command gives me Connection succeeded at all times I run it:
nc -zv DB-instance-endpoint port
The commands I am using :
export RDSHOST="database.xxxxxxxx.us-west-2.rds.amazonaws.com"
export PGPASSWORD="$(aws rds generate-db-auth-token --hostname $RDSHOST --port 5432 --region us-west-2 --username user_name)"
I get the error if I use the PGPASSWORD in pgAdmin window.
Also, I am trying to connect from the the terminal either mine or ssh into ec2, I use this command:
psql "host=$RDSHOST port=5432 sslmode=verify-full sslrootcert=./rds-combined-ca-bundle.pem dbname=database user=user_name"
and I still get the same error
psql: FATAL: PAM authentication failed for user "user_name"
or
If I use another command, without the .pem certificate
psql --host=database.xxxxxxxx.us-west-2.rds.amazonaws.com --port=5432 --username=user_name --password --dbname=database
Then it asks me for a password and Then I get this error
psql: error: FATAL: PAM authentication failed for user "user_name"
FATAL: pg_hba.conf rejects connection for host "222.22.22.22", user "user_name", database "database", SSL off
"222.22.22.22" is My Ip, I changed it of course.
I attached all the required and all the RDS access Policies to my user and still getting this error.
I am just no sure what to do at this point as I went through every single article and cannot find a solution.
I had a similar problem and after some playing around with psql utility I found the reason for these errors. You shall export your temporary database password/token to shell of the machine/service etc where the connection will be initiated from.
So, if psql connection is initiated from Bastion, the below command should also be run on the same Bastion server.
export PGPASSWORD="$(aws rds generate-db-auth-token --hostname $RDSHOST --port 5432 --region us-west-2 --username user_name)"
or generate it elsewhere and export its value as
export PGPASSWORD="temporary_token_generated_for_user_name"
With this exported $PGPASSWORD variable, it psql should connect straight away, without promting for any additional passwords
I found the solution finally. So if anyone has the same issue and goes nuts about it, here is the solution:
If everything is working as I described above and the only error you get is PAM.. then:
your config file is not properly set up. It does not have the username you are trying to connect, the region, and the keys.
~/.aws/config
[profile PROFILE_NAME]
output=json
region=us-west-1
aws_access_key_id=foo
aws_secret_access_key=bar
Here is the link to the question on how to set it up:
AWS : The config profile (MyName) could not be found
I have a ThingsBoard Professional Edition setup using AWS EC2 instance. The database is PostgreSQL-12. I tend to get the following error: FATAL: password authentication failed for user "postgres" FATAL: password authentication failed for user "postgres" when trying to log into the remote database server on pgAdmin4.
Here is a screenshot of the error shown when attempting to log in to server created on pgAdmin4.
Here is how I configured the remote database server (where Host name/address is the Public IPv4 of my EC2 instance).
In postgresql.conf, I have replaced the line listen_address='127.0.0.1' with listen_addresses='*'.
In pg_hba.conf, I added host all all 0.0.0.0/0 md5.
Here is a screenshot of my pg_hba.conf file:
I have also set the password for the user 'postgres' using the psql command #\password.
Here is what is shown in thingboard.log when I run the command:
cat /var/log/thingsboard/thingsboard.log | grep ERROR
Partial screenshot of /var/log/postgresql/postgresql-12-main.log shows the following:
I constantly have to use #ALTER USER postgres PASSWORD ‘<password>’; to be able to overcome this error but the error tends to return when I restart my local Windows machine.
That must be done by some software other than PostgreSQL.
Configure logging by setting log_statement = 'ddl' in postgresql.conf and restarting the database. Then you can more easily figure out when and by which software your password gets changed.
Additionally, configure pg_hba.conf to not allow passwordless connections from anywhere, then change the password. You may see some component start to complain - that component may be at fault.
I've created an AWS RDS database instance and I've created a new server connection on pgAdmin. It's connecting but when I click on the database I get the below error message. What kind of things could I be doing wrong? ( I get the same error on PSQL too)
" The operation or option is not available
could not initiate GSSAPI security context: Credential for asked mech-type mech not found in the credential handle
FATAL: pg_hba.conf rejects connection for host "86.159.85.29", user "postgres", database "rdsadmin", SSL on
FATAL: pg_hba.conf rejects connection for host "86.159.85.29", user "postgres", database "rdsadmin", SSL off"
You must use SSL when authenticating via RDS IAM authentication. The message you're receiving hints at this by saying SSL off.
I am having an issue that has been bothering me for some time now. It is with postgres on my mac. I set a password for postgres and I can not remember it for some reason. I have looked up and attempted several different methods for trying to reset the password but none of them are working and I need it fixed as soon as possible.
Here is what my pg_hba.conf file
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
I reset the local all all trust and then restarted my postgres server running
brew services restart postgres
and when i go to try and open postgres on my terminal I get the same password issue:
omars-MacBook-Pro:postgres omarjandali$ psql -U postgres -W -h localhost
Password:
psql: error: could not connect to server: FATAL: password authentication failed for user "postgres"
or
omars-MacBook-Pro:~ omarjandali$ psql -h 127.0.0.1 -U postgres
Password for user postgres:
psql: error: could not connect to server: FATAL: password authentication failed for user "postgres"`
You only configured "local" connections which are using Unix domain sockets. But your psql command line tries to establish a TCP connection (-h ...), which is not configured in your pg_hba.conf.
You need to use host instead of localin pg_hba.conf to allow trusted, non-password connections through TCP.
But that is a really, really bad idea, because that means that as soon as your Mac is visible on the internet, everybody can connect to your Postgres instance and hack it. This isn't a theoretical threat - there have been numerous posts on this site regarding that.
If you want to allow connections without passwords, at least only allow them from "localhost", not from the outside:
# TYPE DATABASE USER ADDRESS METHOD
host all all samehost trust
Normally, I would create create postgresql user like this.
sudo -u postgres psql
create user deploy_sample with password 'secret';
create database deploy_sample_production owner deploy_sample;
I tried to create the user through ansible script with this task
- name: Create database user
become: yes
become_user: postgres
postgresql_user:
user: user123
password: password123
encrypted: yes
state: present
This does create a user but i cant login using the creds.
I tried to login with this command psql --username=user123 --password. I get peer authenticate failuer error.
Ansible configuration looks correct, and may have nothing to do with the problem.
By the message we can see that it is trying to login with the Peer authentication method. This means that the O.S. user is being used to connect to the database instead of the provided password (see: https://www.postgresql.org/docs/10/auth-methods.html)
Two things you should look at:
How is your auth method configuration?
It is in the file: {data dir}/pg_hba.conf
It is possible that all local connections are configured to use peer (notice that are two types of local connections, one is called local = connection through unix socket, the other is host 127.0.0.1/32 = using network to reach localhost).
I would change the second one to use md5 method, this way you will be able to connect with user/pass using network, but still use peer for local connection - useful for the system user postgres
Connect with the application user using network
psql --username=user123 -> PSQL program will try to use local connections by default, meaning that the Peer authentication is used. You probably don't have the user user123 on the system so this will fail!
psql -h localhost --username=user123 -d <database> -> This way you will connect to local machine using network, thus allowing to authenticate with password.