Can't get password authentication to work - postgresql

I want to do something very simple: create a PostgreSQL database and then connect to it using psql. So here's what I did:
sudo apt install postgresql-9.6 (on Ubuntu 18.04)
sudo -su postgres (start a shell for the postgres system user)
createuser -P foo (create a user and prompt for a password for that user)
createdb -O foo foo (create a database owned by the previously created user)
All this worked flawlessly, no errors anywhere. And yet, when I try to connect to the database using psql -h localhost -U foo foo, I can't access the database (the password is definitely correct). The error message is psql: FATAL: password authentication failed for user "foo"
/etc/postgresql/9.6/main/pg_hba.conf looks as follows:
local all postgres peer
local all all peer
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
It all looks fine to me, yet it just doesn't work. What am I missing here?
I have also tried alter user foo valid until 'infinity'. And while the command completed successfully, it didn't help with the problem.
// edit: I noticed something strange about this problem. When I remove the -h localhost, peer authentication fails (as expected, because there is no user foo on the system). This leaves three lines of logs in /var/log/postgresql/postgresql-9.6-main.log. However when I do use the -h localhost flag, no logs are generated at all.
//edit: I have now tried the same thing on a Fedora 28 machine and it works as expected. I have no idea what the difference might be (other than the operating system and postgres version (10.5)

Related

Run psql command with postgres role

I am try to run psql command with postgres role.
(1) sudo psql -U postgres Since postgres differs from my OS username, I receive the Peer authentication failed for user "postgres" error when I run it.
(2) But when I run sudo -u postgres psql, it succeeds
My terminal image
I'm not sure how the (2) commands can work because, according to a Postgres document, peer authentication happens automatically locally and my current OS username is different from postgres. (I made no changes to pg_hba.config or pg_ident.config files.)
And what is the difference between the (1) and the (2) command?
In your first attempt, you used sudo to become the root user (because there was no -u option) and tried to connect as database user postgres, which will fail with peer authentication because root is different from postgres.
In your second attempt, you used sudo to become user postgres and called psql without specifying a username, so that the username defaults to the same as your current operating system user name, namely postgres. Then peer authentication works.

Is Postgres Ignoring the "trust" in pg_hba.conf File?

I have the following lines in my pg_hba.conf file:
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all localhost trust
and I've restarted Postgres. When I connect at the command line everything works as expected:
$ psql -U me -W
Password for user me: # I can type any password and it will work
psql (9.5.7)
Type "help" for help.
me=#
However, when I connect through a software library (the Node library pg, through the library knex) I get an error:
password authentication failed for user "me"
I'm not specifically looking for a fix, I'm just trying to understand how this is even possible. If I just told Postgres to trust anyone, how can I still be getting errors about authentication failing? Was there something wrong with my pg_hba.conf entries, or does Postgres just choose to ignore them under certain circumstances, or ....
EDIT
In case it helps the database connection URL my program is using to connect is:postgres://localhost:5432/mydb.
When you did psql -U me -h localhost, psql failed to connect because it doesn't know what database to connect to.
Solution is psql -U me -h localhost -d database_name
Hope this helps.

pgAdmin:Password authentication failed [duplicate]

I have installed PostgreSQL 8.4, Postgres client and Pgadmin 3. Authentication failed for user "postgres" for both console client and Pgadmin. I have typed user as "postgres" and password "postgres", because it worked before. But now authentication is failed. I did it before a couple of times without this problem. What should I do? And what happens?
psql -U postgres -h localhost -W
Password for user postgres:
psql: FATAL: password authentication failed for user "postgres"
FATAL: password authentication failed for user "postgres"
If I remember correctly the user postgres has no DB password set on Ubuntu by default. That means, that you can login to that account only by using the postgres OS user account.
Assuming, that you have root access on the box you can do:
sudo -u postgres psql
If that fails with a database "postgres" does not exists error, then you are most likely not on a Ubuntu or Debian server :-) In this case simply add template1 to the command:
sudo -u postgres psql template1
If any of those commands fail with an error psql: FATAL: password authentication failed for user "postgres" then check the file /etc/postgresql/8.4/main/pg_hba.conf: There must be a line like this as the first non-comment line:
local all postgres ident
For newer versions of PostgreSQL ident actually might be peer. That's OK also.
Inside the psql shell you can give the DB user postgres a password:
ALTER USER postgres PASSWORD 'newPassword';
You can leave the psql shell by typing CtrlD or with the command \q.
Now you should be able to give pgAdmin a valid password for the DB superuser and it will be happy too. :-)
The response of staff is correct, but if you want to further automate can do:
$ sudo -u postgres psql -c "ALTER USER postgres PASSWORD 'postgres';"
Done! You saved User = postgres and password = postgres.
If you do not have a password for the User postgres ubuntu do:
$ sudo passwd postgres
This was frustrating, most of the above answers are correct but they fail to mention you have to restart the database service before the changes in the pg_hba.conf file will take affect.
so if you make the changes as mentioned above:
local all postgres ident
then restart as root ( on centos its something like service service postgresql-9.2 restart )
now you should be able to access the db as the user postgres
$psql
psql (9.2.4)
Type "help" for help.
postgres=#
Hope this adds info for new postgres users
Edit the pg_hba.conf file, for Debian on /etc/postgresql/9.3/main/pg_hba.conf and for Red Hat/IBM derivates at /var/lib/pgsql/9.4/data/pg_hba.conf
Change all authentication methods to trust.
Change Linux Password for postgres user.
Restart Server.
Login with psql -h localhost -U postgres and use the just set Unix password.
If it works you should re-set the pg_hba.conf file to values with md5 or ident methods and restart.
For those who are using it first time and have no information regarding what the password is they can follow the below steps(assuming you are on ubuntu):
Open the file pg_hba.conf in /etc/postgresql/9.x/main
sudo vi pg_hba.conf
2.edit the below line
local all postgres peer
to
local all postgres trust
Restart the server
sudo service postgresql restart
Finally you can login without need of a password as shown in the figure
Ref here for more info
When you install postgresql no password is set for user postgres, you have to explicitly set it on Unix by using the command:
sudo passwd postgres
It will ask your sudo password and then promt you for new postgres user password.
Source
Try to not use the -W parameter and leave the password in blank. Sometimes the user is created with no-password.
If that doesn't work reset the password. There are several ways to do it, but this works on many systems:
$ su root
$ su postgres
$ psql -h localhost
> ALTER USER postgres with password 'YourNewPassword';
As a rule of thumb: YOU SHOULD NEVER EVER SET A PASSWORD FOR THE POSTGRES USER.
If you need a superuser access from pgAdmin, make another superuser. That way, if the credentials for that superuser is compromised, you can always ssh into the actual database host and manually delete the superuser using
sudo -u postgres -c "DROP ROLE superuser;"
Once you are in your postgres shell, Enter this command
postgres=# \password postgres
After entering this command you will be prompted to set your password , just set the password and then try.
If you are trying to login postgres shell as postgres user, then you can use following commands.
switch to postgres user
# su - postgres
login to psql
# psql
Hope that helps
Ancient thread, but I wasted half a day dealing with this in 2020, so this might help someone: Double-check your postgres port (on Ubuntu, it's in /etc/postgresql/9.5/main/postgresql.conf). The psql client defaults to using port 5432, BUT in my case, the server was running on port 5433. The solution was to specify the -p option in psql (e.g. psql --host=localhost --username=user -p 5433 mydatabase).
If you leave off the --host parameter, psql will connect via a socket, which worked in my case, but my Golang app (which uses TCP/IP) did not. Unfortunately, the error message was password authentication failed for user "user", which was misleading. The fix was to use a url connection string with the port (e.g. postgres://user:password#localhost:5433/mydatabase).
My setup was Ubuntu 18.04 on Digital Ocean, with postgres 9.5 installed via apt-get, so not sure why this happened. Hope this saves you some time.
I faced the same error on Windows 10. In my case, when I setup the Postgres, my username was postgres by default.
But when I ran the command psql, it as showing my the username as jitender which is my machine name, and I don't know why this username had been setup.
Anyway to solved it, I did the following steps:
Run the command psql --help
In the output, look for the Connection Option, here you will see your default user, in my case it as jitender.
You will also get the command to set the anoter username, which should be psql --username postgres. You set the username whatever you require, and that's all, problem got solved.
If you see error
FATAL: password authentication failed for user "postgres"
and you are sure that your password is correct, check that the password has any special characters, especially "%" or slashes.
In my case, it was "%" in the password string. After removing this symbol, everything works fine.
Here are some combinations which I tried to login:
# login via user foo
psql -Ufoo -h localhost
sudo -u postgres psql postgres
# user foo login to postgres db
psql -Ufoo -h localhost -d postgres
Time flies!
On version 12, I have to use "password" instead of "ident" here:
local all postgres password
Connect without using the -h option.
First of All password crate
ALTER USER postgres with encrypted password 'postgres';
then service restart:
sudo systemctl restart postgresql.service
End.
Follow these steps :
sudo -u postgres -i
psql
\password postgres
After that, enter your password twice.
Then use that password in the pgAdmin4.
I was also faced this issue while login the postgres. I was followed the below steps and able to login with postgres and pgadmin.
Step1: Open Postgres using terminal.
sudo su postgres
Step2: Open psql.
psql
Step3: Reset the password of user
ALTER USER user_name WITH PASSWORD 'new_password';
Step4: Give the permission on database to user.
GRANT ALL PRIVILEGES ON DATABASE my_database TO db_user;
I just wanted to add that you should also check if your password is expired.
See Postgres password authentication fails for details.
In my case, Ubuntu 20.04 Postgresql 12 was using the wrong port.
I've checked /etc/postgresql/12/main/postgresql.conf and realized it was 5433 instead of 5432.
The answer is #diego
I want to add some explanations of how I fixed error and I hope it will help other folks:
ERROR: password authentication failed for user "postgres"
On Window
Make sure you download Postgres software, install it, create and confirm password
and make sure its not complicated with some symbols and characters.
Open window, click SQL Shell (PSQL) and access it and create database
Create connection string like
postgres://postgres:your_password#localhost:port/your_database
On WSL
Follow Microsoft documentation
After successful installation
// Open postgres
su postgres
// Type psql and hit enter
psql
// Create a user postgres if not exist or any other user you want
CREATE USER your_user_db WITH PASSWORD 'match_password_with_db_password';
// Give user password same as the one you set up for postgres db
ALTER USER your_user_db WITH PASSWORD 'match_password_with_db_password';
// Restart the server
sudo service postgresql restart
i had a similar problem.
Ubuntu was left me log in in console with any password for superuser.
Except when i connected with -h localhost in psql line command.
I Observed too that "localhost:8080/MyJSPSiteLogIn" - showed: Fatal: autentication error with user "user".
pg_hba.conf was ok.
I noted had two versions of postgres running in the same service.
Solved - uninstalling inutil version.
I had faced similar issue.
While accessing any database I was getting below prompt after updating password
"password authentication failed for user “postgres”" in PGAdmin
Solution:
Shut down postgres server
Re-run pgadmin
pgadmin will ask for password.
Please enter current password of mentioned user
Hope it will resolve your issue
This happens due to caching.
When you run, php artisan config:cache, it will cache the configuration files. Whenever things get change, you need to keep running it to update the cache files. But, it won't cache if you never run that command.
This is OK for production, since config don't change that often. But during staging or dev, you can just disable caching by clearing the cache and don't run the cache command
So, just run php artisan config:clear, and don't run the command previously to avoid caching.
Check original post
Password authentication failed error on running laravel migration
In my case, its Password was longer than 100 characters. Setting it to a smaller character password worked.
Actually I am wondering is there a reference somewhere to that.
Please remember if you have two versions of Postgres installed you need to Uninstall one of them, in my case on MacOS I had one version installed via .dmg and one via brew.
What worked for me was to uninstall the one installed via .dmg using the following steps
Go to /Library/PostgreSQL/13.
Open uninstall-postgres.app.
then try
psql postgres
it should work.
Answer given is almost correct just missing some pointers which i'll be taking care of in my solution
First make sure your user have a sudo access if not you can use the below command to add your user as sudo user :-
sudo adduser <username> sudo
The change will take effect the next time the user logs in.
i) Now go to sudo vim /etc/postgresql/<your_postgres_version>/main/pg_hba.conf file and look for line that says :
local all postgres md5 #peer
and comment that. Just below that line there must be a commented line that says:
local all postgres peer
or for older versions it'll be :-
local all postgres ident
Uncomment that line.
ii) Now restart the postgres by using any of these commands :-
sudo /etc/init.d/postgresql restart
OR
sudo service postgresql restart
iii) Now you can simply log into postgres using the following command :
sudo -u postgres psql
iv) once you're in you can create any operation you want to in my case i wanted to create a new database you can do the same using below command :
CREATE DATABASE airflow_replica;
In my case it was so simple! I was taken error in application JAVA Spring because I needed remember the Database Superuser, it is showed during the install process PostgreSQL, in my case the datasource would be postgres. So, I added correctly the name and it works!
Open pg_hba.conf in any text editor (you can find this file in your postgres instalation folder);
Change all the methods fields to trust (meaning you don't need a password for postgre);
Run in your console this comand:
"alter user postgres with password '[my password]';" | psql -U postgres
(meaning to alter some user password for [my password] for the user as parameter -U postgres)
Et voilà (don't forget to change back the method from trust for the one that should be best for you)
I hope this help someone someday.
I hope this will help you short of time.
You can change the password of postgres sql by using bellow command.
Command
sudo -u postgres psql
And next you can update the password
Command
Alter user postgres password 'YOUR_NEW_PASSWORD';

psql: FATAL: Peer authentication failed for user "dev"

when i create a new user, but it cannot login the database.
I do that like this:
postgres#Aspire:/home/XXX$ createuser dev
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) y
Shall the new role be allowed to create more new roles? (y/n) y
then create a database:
postgres#Aspire:/home/XXX$ createdb -O dev test_development
after that, I try psql -U dev -W test_development to login, but get the error:
psql: FATAL: Peer authentication failed for user "dev"
I tried to solve the problem but failed.
Try:
psql -U user_name -h 127.0.0.1 -d db_name
where
-U is the database user name
-h is the hostname/IP of the local server, thus avoiding Unix domain sockets
-d is the database name to connect to
This is then evaluated as a "network" connection by Postgresql rather than a Unix domain socket connection, thus not evaluated as a "local" connect as you might see in pg_hba.conf:
local all all peer
Your connection failed because by default psql connects over UNIX sockets using peer authentication, that requires the current UNIX user to have the same user name as psql. So you will have to create the UNIX user dev and then login as dev or use sudo -u dev psql test_development for accessing the database (and psql should not ask for a password).
If you cannot or do not want to create the UNIX user, like if you just want to connect to your database for ad hoc queries, forcing a socket connection using psql --host=localhost --dbname=test_development --username=dev (as pointed out by #meyerson answer) will solve your immediate problem.
But if you intend to force password authentication over Unix sockets instead of the peer method, try changing the following pg_hba.conf* line:
from
# TYPE DATABASE USER ADDRESS METHOD
local all all peer
to
# TYPE DATABASE USER ADDRESS METHOD
local all all md5
peer means it will trust the identity (authenticity) of UNIX user. So not asking for a password.
md5 means it will always ask for a password, and validate it after hashing with MD5.
You can, of course, also create more specific rules for a specific database or user, with some users having peer and others requiring passwords.
After changing pg_hba.conf if PostgreSQL is running you'll need to make it re-read the configuration by reloading (pg_ctl reload) or restarting (sudo service postgresql restart).
* The file pg_hba.conf will most likely be at /etc/postgresql/9.x/main/pg_hba.conf
Edited: Remarks from #Chloe, #JavierEH, #Jonas Eicher, #fccoelho, #Joanis, #Uphill_What comments incorporated into answer.
Peer authentication means that postgres asks the operating system for your login name and uses this for authentication. To login as user "dev" using peer authentication on postgres, you must also be the user "dev" on the operating system.
You can find details to the authentication methods in the Postgresql documentation.
Hint: If no authentication method works anymore, disconnect the server from the network and use method "trust" for "localhost" (and double check that your server is not reachable through the network while method "trust" is enabled).
When you specify:
psql -U user
it connects via UNIX Socket, which by default uses peer authentication, unless specified in pg_hba.conf otherwise.
You can specify:
host database user 127.0.0.1/32 md5
host database user ::1/128 md5
to get TCP/IP connection on loopback interface (both IPv4 and IPv6) for specified database and user.
After changes you have to restart postgres or reload it's configuration.
Restart that should work in modern RHEL/Debian based distros:
service postgresql restart
Reload should work in following way:
pg_ctl reload
but the command may differ depending of PATH configuration - you may have to specify absolute path, which may be different, depending on way the postgres was installed.
Then you can use:
psql -h localhost -U user -d database
to login with that user to specified database over TCP/IP.
md5 stands for encrypted password, while you can also specify password for plain text passwords during authorisation. These 2 options shouldn't be of a great matter as long as database server is only locally accessible, with no network access.
Important note:
Definition order in pg_hba.conf matters - rules are read from top to bottom, like iptables, so you probably want to add proposed rules above the rule:
host all all 127.0.0.1/32 ident
While #flaviodesousa's answer would work, it also makes it mandatory for all users (everyone else) to enter a password.
Sometime it makes sense to keep peer authentication for everyone else, but make an exception for a service user. In that case you would want to add a line to the pg_hba.conf that looks like:
local all some_batch_user md5
I would recommend that you add this line right below the commented header line:
# TYPE DATABASE USER ADDRESS METHOD
local all some_batch_user md5
You will need to restart PostgreSQL using
sudo service postgresql restart
If you're using 9.3, your pg_hba.conf would most likely be:
/etc/postgresql/9.3/main/pg_hba.conf
This works for me when I run into it:
sudo -u username psql
I simply had to add -h localhost
The easiest solution:
CREATE USER dev WITH PASSWORD 'dev';
CREATE DATABASE test_development;
GRANT ALL PRIVILEGES ON DATABASE test_development to dev;
ALTER ROLE dev CREATEROLE CREATEDB;
In my case I was using different port. Default is 5432. I was using 5433. This worked for me:
$ psql -f update_table.sql -d db_name -U db_user_name -h 127.0.0.1 -p 5433
For people in the future seeing this, postgres is in the /usr/lib/postgresql/10/bin on my Ubuntu server.
I added it to the PATH in my .bashrc file, and add this line at the end
PATH=$PATH:/usr/lib/postgresql/10/bin
then on the command line
$> source ./.bashrc
I refreshed my bash environment. Now I can use postgres -D /wherever from any directory
pg_dump -h localhost -U postgres -F c -b -v -f mydb.backup mydb
Try in terminal:
>> psql -U role_name -d database -h hostname.<domain>.com -W

Why does the OS user has to be same as the database user while connecting to PostgreSQL using md5 authentication?

I have configured md5 authentication for user foo by putting the following in pg_hba.conf:
# TYPE DATABASE USER ADDRESS METHOD
local all foo md5
When I try to connect (using psql) as the Linux user foo, psql asks for the password and the connection is successful. However, if I run psql as some other Linux user, I receive the following error:
psql: FATAL: password authentication failed for user "foo"
What is the reason for this behavior? I am under the impression that this only necessary if I use the peer or ident authentication methods.
Edit: I am using the command psql -U foo -W to connect. When I prefix the command with sudo -u foo it works; when I don't it gives the error as mentioned above. Sorry for not mentioning this while posting the original question!
Edit 2:
Here are all the un-commented lines from my pg_hba.conf in order:
# TYPE DATABASE USER ADDRESS METHOD
local all postgres peer
local all foo md5
local all all 127.0.0.1/32 md5
local all all ::1/128 md5
If you don't specify the database it will try to connect to the database with the same name as the Linux user. If you are logged as bar and do:
psql -U foo -W
It will try to log to the bar database with the foo user. To connect to the foo database from the bar loggin do:
psql -U foo -W foo
psql defaults to whatever the current user is. Use the -U flag to pick the database "role".
Postgres roles and the system users are seperate, although authentication can be configured to work against the system's own (pam/ldap/etc).